Pests of all kinds and how to fight them: BKA Trojan on the PC or not? (Windows 7)
01.03.2012, 16:43 | #1 |
| Hello forum, yesterday I found a version of the BKA trojan on my computer, which at first locked the PC. After extensive research on the net I found no version that resembles mine and therefore no approach to a solution either. After restarting the computer, however, there was nothing more to be seen of the trojan for the time being; the PC seems to be running normally. Now my question: is the thing still on the computer or not? Possibly a naive question, but since I am an absolute PC idiot, I ask you to excuse that (and all slow-wittedness that follows). Many thanks for an answer! Best regards, theda |
01.03.2012, 18:36 | #2 |
/// Malware-holic | Hi,
If you do not have it yet, please download OTL by Oldtimer and save it on your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
01.03.2012, 18:54 | #3 |
| Hello Markus,
thanks for your quick reply! I downloaded otl.exe and followed the steps given. Unfortunately the OTL scan hangs after just a few seconds ("not responding"). In addition, for some hours now AntiVir has kept giving the following warning: TR/LockScreen.BU.1 found. Is that connected in any way to the first-mentioned problem with the BKA trojan? How should I proceed? Many thanks for your help, theda |
01.03.2012, 19:19 | #4 |
/// Malware-holic | Hi, how does it look if you leave out my script? |
01.03.2012, 19:26 | #5 |
| Hi, what do you mean by "script"? I started the scan after I had downloaded OTL. But the scan aborts after just a few seconds, and the program then stops responding. |
01.03.2012, 19:59 | #6 |
/// Malware-holic | OK. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it on your desktop. |
01.03.2012, 20:12 | #7 |
| Hello Markus, for whatever reason OTL has now run the scan after all (at least I think so). Attached is the content: what happens next? OTL Logfile:
01.03.2012, 20:57 | #8 |
| Hello Markus, I have now tried once more to carry out your instructions step by step, i.e.:
1. ran the OTL scan
2. pasted the content of otl.txt and extras.txt into the text box "custom scans/fixes"
3. closed all programs
4. ran the quick scan
5. after the quick scan finished, copied the content of the otl.txt file in here
OTL Logfile:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions [2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions [2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () O4 - HKLM..\Run: [AuditVista] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 
4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und 
Thorsten\Holland 2011\DSC02080.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE [2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton ========== Files - Modified Within 30 Days ========== [2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys [2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml [2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll [2012.02.26 16:36:56 | 000,628,504 | ---- | M] 
() -- C:\Windows\System32\perfh007.dat [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job ========== Files Created - No Company Name ========== [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2011.01.30 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\Cornelsen [2010.03.21 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\GARMIN [2011.05.13 18:51:03 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\NCH Swift Sound [2011.11.07 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\OpenOffice.org [2010.02.04 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\PaperPublisher [2009.12.29 19:13:14 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\SmarThru4 [2012.03.01 17:15:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ==========
M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk > < [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk > < [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll > < [2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat > < [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat > < [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat > < [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat > < [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk > < [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk > < [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk > < [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll > < [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini > < [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini > < [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini > < [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat > < > < < End of report > --- --- --- > <OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.03.2012 20:28:47 - Run 4 > Code:
ATTFilter < OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads > < Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.6001.19088) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free > < 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS > < > < Computer Name: THEDA | User Name: Theda | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: Current user > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Extra Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== File Associations ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] > < .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) > < .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) > < .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
> < > < [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] > < .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) > < > < ========== Shell Spawning ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] > < batfile [open] -- "%1" %* > < cmdfile [open] -- "%1" %* > < comfile [open] -- "%1" %* > < cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) > < exefile [open] -- "%1" %* > < helpfile [open] -- Reg Error: Key error. > < hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) > < htmlfile [edit] -- Reg Error: Key error. > < htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" > < http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) > < piffile [open] -- "%1" %* > < regfile [merge] -- Reg Error: Key error. > < scrfile [config] -- "%1" > < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l > < scrfile [open] -- "%1" /S > < txtfile [edit] -- Reg Error: Key error. 
> < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 > < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) > < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) > Invalid Switch: idlist,%I,%L (Microsoft Corporation) < Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) > Invalid Switch: idlist,%I,%L (Microsoft Corporation) < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < > < ========== Security Center Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] > < "cval" = 1 > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > < "AntiVirusOverride" = 0 > < "AntiSpywareOverride" = 0 > < "FirewallOverride" = 0 > < "VistaSp1" = Reg Error: Unknown registry data type -- File not found > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] > < > < ========== Firewall Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < "DoNotAllowExceptions" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < > < ========== Authorized Applications List ========== > Invalid Switch: color] < > < > < ========== Vista Active Open Ports Exception List ========== > Invalid Switch: color] < > < 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{0D9B4809-3C10-48A0-86DD-A9D68C16158E}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{0FCE8EA4-5A54-4FC3-8A0D-8486C70E38D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{1C2613BF-DB3B-481B-824F-F444735F2065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{1DAF50E7-66FA-4EA6-92FA-01A757C3AAF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{251EDEB5-2A39-43F8-A714-A493E70139C8}" = rport=2869 | protocol=6 | dir=out | app=system | > < "{272BB308-8136-4ACE-A25D-505C1736DAFF}" = rport=138 | protocol=17 | dir=out | app=system | > < "{2852C818-DBC1-4077-8BDB-339882BF9F0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{303BFC98-4B6E-4E7F-9EC8-18B6733318BA}" = lport=137 | protocol=17 | dir=in | app=system | > < "{3472435E-862A-4AD5-9817-C7E76C79327C}" = rport=139 | protocol=6 | dir=out | app=system | > < "{41EC8C7C-4EB6-4A36-BC3E-2AB7C49D6504}" = lport=139 | protocol=6 | dir=in | app=system | > < "{45D9225D-0869-4E61-A5AD-480FB8EBAD5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | > < "{4C73AA3E-46A1-4E60-A87E-E7C3591ACBE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{519048E3-E92D-4FE8-8E77-BC867E520AC7}" = lport=445 | protocol=6 | dir=in | app=system | > < "{622F7AD9-C9E6-4B06-AA3B-CF692E7E1F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{70A0FE2F-1909-4D50-BFE6-EAC614C7F8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{70A6DC16-3F97-4BCF-AB07-5D24DB8B1CFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | > < "{743AF950-41D0-4D50-8CC0-46CC91F0426C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{7B2DA271-4E87-4919-8325-2CDEE87C5BF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{80C4FDC5-302B-47AC-9F64-74E851BCA6CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{9128684C-16A4-4119-8593-384A483943B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{9EC9ED5A-AD8C-4B96-B2C3-B9B89DCEEBEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | > < "{9F97E44F-97DD-4B80-8BCB-AFE19D338420}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{AF146322-4DE8-4397-927D-1D765C14E1F2}" = lport=138 | protocol=17 | dir=in | app=system | > < "{AF368118-676E-4635-B1B7-40773EB15B68}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{B31EF848-62D4-40B3-8C1D-FE6D5F8EFD07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{B71B8723-F33B-462B-8BD7-AC396ED055ED}" = lport=10243 | protocol=6 | dir=in | app=system | > < "{BB83EA0F-F607-424A-A5E2-0AC4809B1FBA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{BFF75083-C503-45D2-893B-DE712D2DF3C9}" = rport=10243 | protocol=6 | dir=out | app=system | > < "{C4E0D738-0F5B-43AE-B469-3A2339CF06E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{CB31EF3A-B696-468A-80F0-331149004040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{D2DC29FE-EEB7-48E0-8731-8EBDA4FE55C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{DDAD6306-A4DF-42E1-AF64-791C8A8584BB}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{F3870119-316B-48F4-97EB-0E9BDF22AB6E}" = rport=445 | protocol=6 | dir=out | app=system | > < "{FC254C88-FBCB-4EB3-A89E-9F606968C41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{FDE941C5-E23B-4E13-AE04-883A00B2D551}" = rport=137 | protocol=17 | dir=out | app=system | > < > < ========== Vista Active Application Exception List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{05631F0B-25C3-4580-B273-A2A08B876E22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{06F51380-D15C-44F9-9D6B-18B1021DF3B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{0B3FB531-88B5-4287-8A5D-A5B1A05C42A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{0CE85B40-803B-4934-8904-1AA3B46888BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | > < "{192E6FA6-04F6-4AD6-B000-D19E813DD0BF}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | > < "{1E513480-9351-4676-ACA8-E80A130AA559}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | > < "{25D975CA-CC61-428D-ACBC-404F144C4D35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | > < "{2843DD70-543B-48EC-8878-9BB8B7863478}" = protocol=6 | dir=out | app=system | > < "{2AEB4CB7-B090-4631-AAB9-C88CE37C87B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{33B7B956-0B56-4018-B4A4-D4EE7EF0A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | > < "{40ED6370-A2F9-4F2E-A90F-0C4FF9A46088}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{4811F408-21D1-4FE1-AE2D-11019AA78FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < 
"{4D567261-C083-4A49-9779-95C64FE14F65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{552BEFFF-CBF9-4971-9F96-D1F318F34D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{5DF15C1A-D3F2-4DC3-AA78-272986B255E9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{66EF07A6-FEC9-4AF1-9EF0-B83FCA3CD451}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | > < "{73EFEEB2-8950-423C-A3DC-223EA4B559B1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | > < "{92BDF649-6CAF-42DA-946A-3E7864120D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{96C46653-DAA7-4798-8203-70B5779F1429}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | > < "{97C617FA-8EEC-46A3-B673-ECDC06265611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{980E6C9E-DE66-44CC-81DA-9EFBE2AB0D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | > < "{A7520AED-B486-4BFA-8415-E161F53A9F6C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | > < "{C06D0C95-BD82-4640-BE21-A03DFD8E40FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | > < "{CD598967-90BD-4632-B7F2-BC2F92D7075E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{CF17CA4C-2B5B-447A-BE89-4D25FD168797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{D143C24E-1151-417F-8271-9EBBC53F3B7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{D2ED002D-A4E2-4E3D-BA11-67CAD90311F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{D9C00D5A-7C1E-4197-A513-B54E43786F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{E51726D7-5330-4692-AE75-78E00B16E72C}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | > < "{EB667932-C450-4744-8957-2100F1A969E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | > < "{F3B057A5-8579-46D7-A76F-7C085665057E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | > < "{FB5478A8-7728-4511-B993-1BE59E295921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "TCP Query User{1B64E226-5666-49AC-BAF2-CD088E3BFA95}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | > < "TCP Query User{49D2679C-2B27-4BF0-B39C-778560886E67}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | > < "UDP Query User{3E36E3EE-7D92-49E1-8FE3-B78414241794}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | > < "UDP Query User{460AC53A-917A-45FF-91DC-91B7D605C356}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | > < > < ========== HKEY_LOCAL_MACHINE Uninstall List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 > < "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium > < "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu > < "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office > < "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 > < "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin > < "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate > < "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 > < 
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime > < "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 > < "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 > < "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 > < "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card > < "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup > < "{394C4F1B-8C88-404C-B644-58203570EEDB}" = MainConcept MPEG2 Software Encoder > < "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile > < "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 > < "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 > < "{461A4763-28B5-425A-AE3D-B9B54EDF0F21}" = CIB pdf brewer > < "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater > < "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1 > < "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 > < "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml > < "{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008 > < "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers > < "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update > < "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime > < "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec > < "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour > < "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 > < "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 > < "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE > < "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable > < "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 > < "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper > < "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch > < 
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 > < "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy > < "{CE20056B-01FD-4AC1-BC39-8138CA301031}" = Nero 8 Essentials > < "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 > < "{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner > < "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional > < "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade > < "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support > < "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 > < "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver > < "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager > < "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes > < "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 > < "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) > < "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX > < "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin > < "Audiograbber" = Audiograbber 1.83 SE > < "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus > < "C2F5DF4DBA55AD4D004E4EDA0406903C1643F8E0" = Windows-Treiberpaket - PEGATRON GROUP (NxpCap) MEDIA (09/22/2008 1.0.5.25) > < "Catan - Staedte und Ritter" = Catan - Städte und Ritter > < "Chipgames Kartenspiele" = Chipgames Kartenspiele > < "conduitEngine" = Conduit Engine > < "Google Chrome" = Google Chrome > < "LIDL Fotoservice_is1" = LIDL Fotoservice > < "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU > < "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 > < 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile > < "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) > < "NCH_DE Toolbar" = NCH DE Toolbar > < "NVIDIA Drivers" = NVIDIA Drivers > < "RealPlayer 12.0" = RealPlayer > < "Samsung CLX-3170 Series" = Samsung CLX-3170 Series > < "SmarThru PC Fax" = SmarThru PC Fax > < "Switch" = Switch Audiodatei-Konverter > < "Werkstatt Geschichte 2" = Werkstatt Geschichte 2 > < "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 > < "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 > < > < ========== HKEY_CURRENT_USER Uninstall List ========== > Invalid Switch: color] < > < [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < > < ========== Last 10 Event Log Errors ========== > Invalid Switch: color] < > < [ Application Events ] > < Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 09.02.2011 12:06:34 | Computer Name = Theda | Source = Application Error | ID = 1000 > < Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, > < fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode > < 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xfc4, Anwendungsstartzeit 01cbc8729ce0e1a0. 
> < > < Error - 10.02.2011 11:26:25 | Computer Name = Theda | Source = WinMgmt | ID = 10 > < Description = > < > < Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 10.02.2011 14:01:21 | Computer Name = Theda | Source = Application Error | ID = 1000 > < Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, > < fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode > < 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xb3c, Anwendungsstartzeit 01cbc936f8d2b969. > < > < Error - 11.02.2011 05:22:18 | Computer Name = Theda | Source = WinMgmt | ID = 10 > < Description = > < > < Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < [ Media Center Events ] > < Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (4956.1128) > < > < Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (4956.1129) > < > < Error - 08.12.2010 12:22:31 | Computer Name = Theda | Source = ehRecvr | ID = 3 > < Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA > < Analog TV Tuner > < > < Error - 08.12.2010 12:23:37 | Computer Name = Theda | Source = ehRecvr | ID = 3 > < Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0xc0040524) 7231 BDA > < Analog TV Tuner > < > < Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) > < > < Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) > < > < Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) > < > < Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) > < > < Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (5520.1128) > < > < Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (5520.1129) > < > < [ System Events ] > < Error - 01.03.2012 10:59:31 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = HTTP | ID = 15016 > < Description = > < > < Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = Microsoft-Windows-TaskScheduler | ID = 412 > < Description = > < > < Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 15:05:34 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. 
> < > < Error - 01.03.2012 15:13:10 | Computer Name = Theda | Source = PlugPlayManager | ID = 11 > < Description = Das Gerät "Root\LEGACY_SMR250\0000" wurde ohne vorbereitende Maßnahmen > < vom System entfernt. > < > < Error - 01.03.2012 15:13:22 | Computer Name = Theda | Source = ipnathlp | ID = 31004 > < Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet > < werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner > < Fehler ist im Speicher-Manager aufgetreten. > < > < Error - 01.03.2012 15:20:10 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. > < > < Error - 01.03.2012 15:32:18 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. > < > < > < < End of report > --- --- --- > < End of report >
01.03.2012, 21:00 | #9 |
| BKA Trojan on the PC or not? Hello Markus, I have now tried once more to carry out your instructions step by step, i.e.:
1. ran the OTL scan
2. pasted the contents of otl.txt and extras.txt into the "Custom Scans/Fixes" text box
3. closed all programs
4. ran the quick scan
5. after the quick scan finished, copied the contents of the otl.txt file in here
OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.03.2012 20:51:19 - Run 5 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,22% Memory free 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 585,42 Gb Total Space | 298,90 Gb Free Space | 51,06% Space Free | Partition Type: NTFS Computer Name: THEDA | User Name: Theda | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU () MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu () MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU () MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions
[2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions
[2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [AuditVista] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE
[2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

========== Files - Modified Within 30 Days ==========

[2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml
[2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

========== Files Created - No Company Name ==========

[2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2011.01.30 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\Cornelsen
[2010.03.21 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\GARMIN
[2011.05.13 18:51:03 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\NCH Swift Sound
[2011.11.07 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\OpenOffice.org
[2010.02.04 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\PaperPublisher
[2009.12.29 19:13:14 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\SmarThru4
[2012.03.01 17:15:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< OTL logfile created on: 01.03.2012 20:28:47 - Run 4 >
< OTL by OldTimer - Version 3.2.34.0 Folder
= C:\Users\Theda\Downloads > < Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.6001.19088) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free > < 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS > < > < Computer Name: THEDA | User Name: Theda | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: Current user > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools) > < PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) > < PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) > < PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) > < PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) > < PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) > < PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) > < PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) > < PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) > < PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) > < PRC - C:\Windows\explorer.exe (Microsoft Corporation) > < PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
> < PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) > < PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () > < PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () > < PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) > < PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) > < PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) > < PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) > < PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) > < PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) > < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - C:\Programme\Mozilla Firefox\mozjs.dll () > < MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () > < MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () > < MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () > < MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () > < MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () > < MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () > < MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () > < MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () > < MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU () > < MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu () > < MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU () > < MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () > < MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () > < MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () > < MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () > < > < > < ========== Win32 Services (SafeList) ========== > Invalid Switch: color] < > < SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) > < SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir 
Desktop\sched.exe (Avira GmbH) > < SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) > < SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) > < SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) > < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) > < DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) > < DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) > < DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) > < DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) > < DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) > < DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) > < DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) > < DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) > < DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) > < DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) > < DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) > < DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.) > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) 
> < IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} > < IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 > < > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN > Invalid Switch: ?ocid=iehp < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01 [binary data] > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 > < IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} > < IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC > < IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local > < > < ========== FireFox ========== > Invalid Switch: color] < > < FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 > < FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 > < FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 > < > < > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll () > Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found > Invalid Switch: iTunes,version=: File not found < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () > Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () < FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) > Invalid Switch: GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) > Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) > Invalid Switch: WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) > Invalid Switch: nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) > Invalid Switch: nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) > Invalid Switch: nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) > Invalid Switch: nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) > Invalid Switch: nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found > Invalid Switch: nsJSRealPlayerPlugin;version=: File not found < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
< > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin > < FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter > < > < [2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions > < [2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions > < [2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} > < [2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} > < [2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions > < [2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll > < [2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll > < [2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml > < [2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml > < [2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml > < [2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml > < [2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml > < > < O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts > < O1 - Hosts: 127.0.0.1 localhost > < O1 - Hosts: ::1 localhost > < O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) > < O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) > < O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
> < O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () > < O4 - HKLM..\Run: [AuditVista] File not found > < O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) > < O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) > < O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) > < O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) > < O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) > < O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () > < O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) > < O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) > < O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) > < O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) > < O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) > < O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) > < O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () > < O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () > < O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () > < O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () > < O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () > < O8 - Extra 
context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () > < O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () > < O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () > < O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () > < O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () > < O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) > < O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) > < O13 - gopher Prefix: missing > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 > < O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) > < O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 
Holland Uli und Thorsten\Holland 2011\DSC02080.JPG > < O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] > < O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe > < O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe > < O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe > < O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) > Invalid Switch: p \??\J:) < O34 - HKLM BootExecute: (autocheck autochk *) > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE > < [2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job > < [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 > < [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 > < [2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat > < [2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys > < [2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml > < [2012.02.29 23:15:58 | 000,001,886 | ---- | 
M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk > < [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk > < [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll > < [2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat > < [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat > < [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat > < [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat > < [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk > < [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk > < [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk > < [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll > < [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini > < [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini > < [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini > < [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat > < > < < End of report > --- --- --- > <OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.03.2012 20:28:47 - Run 4 > Code:
ATTFilter < OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads > < Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.6001.19088) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free > < 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS > < > < Computer Name: THEDA | User Name: Theda | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: Current user > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Extra Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== File Associations ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] > < .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) > < .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) > < .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
> < > < [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] > < .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) > < > < ========== Shell Spawning ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] > < batfile [open] -- "%1" %* > < cmdfile [open] -- "%1" %* > < comfile [open] -- "%1" %* > < cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) > < exefile [open] -- "%1" %* > < helpfile [open] -- Reg Error: Key error. > < hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) > < htmlfile [edit] -- Reg Error: Key error. > < htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" > < http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) > < piffile [open] -- "%1" %* > < regfile [merge] -- Reg Error: Key error. > < scrfile [config] -- "%1" > < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l > < scrfile [open] -- "%1" /S > < txtfile [edit] -- Reg Error: Key error. 
> < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 > < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) > < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) > Invalid Switch: idlist,%I,%L (Microsoft Corporation) < Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) > Invalid Switch: idlist,%I,%L (Microsoft Corporation) < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < > < ========== Security Center Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] > < "cval" = 1 > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > < "AntiVirusOverride" = 0 > < "AntiSpywareOverride" = 0 > < "FirewallOverride" = 0 > < "VistaSp1" = Reg Error: Unknown registry data type -- File not found > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] > < > < ========== Firewall Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < "DoNotAllowExceptions" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] > < "EnableFirewall" = 1 > < "DisableNotifications" = 0 > < > < ========== Authorized Applications List ========== > Invalid Switch: color] < > < > < ========== Vista Active Open Ports Exception List ========== > Invalid Switch: color] < > < 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{0D9B4809-3C10-48A0-86DD-A9D68C16158E}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{0FCE8EA4-5A54-4FC3-8A0D-8486C70E38D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{1C2613BF-DB3B-481B-824F-F444735F2065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{1DAF50E7-66FA-4EA6-92FA-01A757C3AAF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{251EDEB5-2A39-43F8-A714-A493E70139C8}" = rport=2869 | protocol=6 | dir=out | app=system | > < "{272BB308-8136-4ACE-A25D-505C1736DAFF}" = rport=138 | protocol=17 | dir=out | app=system | > < "{2852C818-DBC1-4077-8BDB-339882BF9F0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{303BFC98-4B6E-4E7F-9EC8-18B6733318BA}" = lport=137 | protocol=17 | dir=in | app=system | > < "{3472435E-862A-4AD5-9817-C7E76C79327C}" = rport=139 | protocol=6 | dir=out | app=system | > < "{41EC8C7C-4EB6-4A36-BC3E-2AB7C49D6504}" = lport=139 | protocol=6 | dir=in | app=system | > < "{45D9225D-0869-4E61-A5AD-480FB8EBAD5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | > < "{4C73AA3E-46A1-4E60-A87E-E7C3591ACBE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{519048E3-E92D-4FE8-8E77-BC867E520AC7}" = lport=445 | protocol=6 | dir=in | app=system | > < "{622F7AD9-C9E6-4B06-AA3B-CF692E7E1F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{70A0FE2F-1909-4D50-BFE6-EAC614C7F8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{70A6DC16-3F97-4BCF-AB07-5D24DB8B1CFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | > < "{743AF950-41D0-4D50-8CC0-46CC91F0426C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{7B2DA271-4E87-4919-8325-2CDEE87C5BF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{80C4FDC5-302B-47AC-9F64-74E851BCA6CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{9128684C-16A4-4119-8593-384A483943B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{9EC9ED5A-AD8C-4B96-B2C3-B9B89DCEEBEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | > < "{9F97E44F-97DD-4B80-8BCB-AFE19D338420}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | > < "{AF146322-4DE8-4397-927D-1D765C14E1F2}" = lport=138 | protocol=17 | dir=in | app=system | > < "{AF368118-676E-4635-B1B7-40773EB15B68}" = lport=2869 | protocol=6 | dir=in | app=system | > < "{B31EF848-62D4-40B3-8C1D-FE6D5F8EFD07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{B71B8723-F33B-462B-8BD7-AC396ED055ED}" = lport=10243 | protocol=6 | dir=in | app=system | > < "{BB83EA0F-F607-424A-A5E2-0AC4809B1FBA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{BFF75083-C503-45D2-893B-DE712D2DF3C9}" = rport=10243 | protocol=6 | dir=out | app=system | > < "{C4E0D738-0F5B-43AE-B469-3A2339CF06E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | > < "{CB31EF3A-B696-468A-80F0-331149004040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | > < "{D2DC29FE-EEB7-48E0-8731-8EBDA4FE55C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{DDAD6306-A4DF-42E1-AF64-791C8A8584BB}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | > < "{F3870119-316B-48F4-97EB-0E9BDF22AB6E}" = rport=445 | protocol=6 | dir=out | app=system | > < "{FC254C88-FBCB-4EB3-A89E-9F606968C41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | > < "{FDE941C5-E23B-4E13-AE04-883A00B2D551}" = rport=137 | protocol=17 | dir=out | app=system | > < > < ========== Vista Active Application Exception List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] > < "{05631F0B-25C3-4580-B273-A2A08B876E22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{06F51380-D15C-44F9-9D6B-18B1021DF3B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{0B3FB531-88B5-4287-8A5D-A5B1A05C42A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{0CE85B40-803B-4934-8904-1AA3B46888BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | > < "{192E6FA6-04F6-4AD6-B000-D19E813DD0BF}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | > < "{1E513480-9351-4676-ACA8-E80A130AA559}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | > < "{25D975CA-CC61-428D-ACBC-404F144C4D35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | > < "{2843DD70-543B-48EC-8878-9BB8B7863478}" = protocol=6 | dir=out | app=system | > < "{2AEB4CB7-B090-4631-AAB9-C88CE37C87B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{33B7B956-0B56-4018-B4A4-D4EE7EF0A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | > < "{40ED6370-A2F9-4F2E-A90F-0C4FF9A46088}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | > < "{4811F408-21D1-4FE1-AE2D-11019AA78FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < 
"{4D567261-C083-4A49-9779-95C64FE14F65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{552BEFFF-CBF9-4971-9F96-D1F318F34D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{5DF15C1A-D3F2-4DC3-AA78-272986B255E9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | > < "{66EF07A6-FEC9-4AF1-9EF0-B83FCA3CD451}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | > < "{73EFEEB2-8950-423C-A3DC-223EA4B559B1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | > < "{92BDF649-6CAF-42DA-946A-3E7864120D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{96C46653-DAA7-4798-8203-70B5779F1429}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | > < "{97C617FA-8EEC-46A3-B673-ECDC06265611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{980E6C9E-DE66-44CC-81DA-9EFBE2AB0D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | > < "{A7520AED-B486-4BFA-8415-E161F53A9F6C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | > < "{C06D0C95-BD82-4640-BE21-A03DFD8E40FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | > < "{CD598967-90BD-4632-B7F2-BC2F92D7075E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{CF17CA4C-2B5B-447A-BE89-4D25FD168797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | > < "{D143C24E-1151-417F-8271-9EBBC53F3B7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | > < "{D2ED002D-A4E2-4E3D-BA11-67CAD90311F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | > < "{D9C00D5A-7C1E-4197-A513-B54E43786F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "{E51726D7-5330-4692-AE75-78E00B16E72C}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | > < "{EB667932-C450-4744-8957-2100F1A969E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | > < "{F3B057A5-8579-46D7-A76F-7C085665057E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | > < "{FB5478A8-7728-4511-B993-1BE59E295921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | > < "TCP Query User{1B64E226-5666-49AC-BAF2-CD088E3BFA95}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | > < "TCP Query User{49D2679C-2B27-4BF0-B39C-778560886E67}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | > < "UDP Query User{3E36E3EE-7D92-49E1-8FE3-B78414241794}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | > < "UDP Query User{460AC53A-917A-45FF-91DC-91B7D605C356}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | > < > < ========== HKEY_LOCAL_MACHINE Uninstall List ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 > < "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium > < "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu > < "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office > < "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 > < "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin > < "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate > < "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 > < 
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime > < "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 > < "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 > < "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 > < "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card > < "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup > < "{394C4F1B-8C88-404C-B644-58203570EEDB}" = MainConcept MPEG2 Software Encoder > < "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile > < "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 > < "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 > < "{461A4763-28B5-425A-AE3D-B9B54EDF0F21}" = CIB pdf brewer > < "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater > < "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1 > < "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 > < "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml > < "{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008 > < "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers > < "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update > < "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime > < "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec > < "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour > < "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 > < "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 > < "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE > < "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable > < "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 > < "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper > < "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch > < 
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 > < "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy > < "{CE20056B-01FD-4AC1-BC39-8138CA301031}" = Nero 8 Essentials > < "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 > < "{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner > < "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional > < "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade > < "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support > < "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 > < "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver > < "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager > < "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes > < "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 > < "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) > < "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX > < "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin > < "Audiograbber" = Audiograbber 1.83 SE > < "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus > < "C2F5DF4DBA55AD4D004E4EDA0406903C1643F8E0" = Windows-Treiberpaket - PEGATRON GROUP (NxpCap) MEDIA (09/22/2008 1.0.5.25) > < "Catan - Staedte und Ritter" = Catan - Städte und Ritter > < "Chipgames Kartenspiele" = Chipgames Kartenspiele > < "conduitEngine" = Conduit Engine > < "Google Chrome" = Google Chrome > < "LIDL Fotoservice_is1" = LIDL Fotoservice > < "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU > < "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 > < 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile > < "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) > < "NCH_DE Toolbar" = NCH DE Toolbar > < "NVIDIA Drivers" = NVIDIA Drivers > < "RealPlayer 12.0" = RealPlayer > < "Samsung CLX-3170 Series" = Samsung CLX-3170 Series > < "SmarThru PC Fax" = SmarThru PC Fax > < "Switch" = Switch Audiodatei-Konverter > < "Werkstatt Geschichte 2" = Werkstatt Geschichte 2 > < "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 > < "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 > < > < ========== HKEY_CURRENT_USER Uninstall List ========== > Invalid Switch: color] < > < [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < > < ========== Last 10 Event Log Errors ========== > Invalid Switch: color] < > < [ Application Events ] > < Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 09.02.2011 12:06:34 | Computer Name = Theda | Source = Application Error | ID = 1000 > < Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, > < fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode > < 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xfc4, Anwendungsstartzeit 01cbc8729ce0e1a0. 
> < > < Error - 10.02.2011 11:26:25 | Computer Name = Theda | Source = WinMgmt | ID = 10 > < Description = > < > < Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 10.02.2011 14:01:21 | Computer Name = Theda | Source = Application Error | ID = 1000 > < Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, > < fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode > < 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xb3c, Anwendungsstartzeit 01cbc936f8d2b969. > < > < Error - 11.02.2011 05:22:18 | Computer Name = Theda | Source = WinMgmt | ID = 10 > < Description = > < > < Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 > < Description = > < > < [ Media Center Events ] > < Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (4956.1128) > < > < Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (4956.1129) > < > < Error - 08.12.2010 12:22:31 | Computer Name = Theda | Source = ehRecvr | ID = 3 > < Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA > < Analog TV Tuner > < > < Error - 08.12.2010 12:23:37 | Computer Name = Theda | Source = ehRecvr | ID = 3 > < Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0xc0040524) 7231 BDA > < Analog TV Tuner > < > < Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) > < > < Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) > < > < Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) > < > < Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) > < > < Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Fehler beim Herstellen der Internetverbindung. (5520.1128) > < > < Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 > < Description = Serververbindung konnte nicht hergestellt werden.. (5520.1129) > < > < [ System Events ] > < Error - 01.03.2012 10:59:31 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = HTTP | ID = 15016 > < Description = > < > < Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = Microsoft-Windows-TaskScheduler | ID = 412 > < Description = > < > < Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 > < Description = > < > < Error - 01.03.2012 15:05:34 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. 
> < > < Error - 01.03.2012 15:13:10 | Computer Name = Theda | Source = PlugPlayManager | ID = 11 > < Description = Das Gerät "Root\LEGACY_SMR250\0000" wurde ohne vorbereitende Maßnahmen > < vom System entfernt. > < > < Error - 01.03.2012 15:13:22 | Computer Name = Theda | Source = ipnathlp | ID = 31004 > < Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet > < werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner > < Fehler ist im Speicher-Manager aufgetreten. > < > < Error - 01.03.2012 15:20:10 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. > < > < Error - 01.03.2012 15:32:18 | Computer Name = Theda | Source = ipnathlp | ID = 34001 > < Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. > < > < > < < End of report > --- --- --- > < End of report > |
02.03.2012, 13:20 | #10 |
/// Malware-holic | BKA Trojan on the PC or not? Please continue with ComboFix anyway. |