|
Log-Analyse und Auswertung: Windows Verschlüsselungstrojaner hat mich erwischtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.05.2012, 11:46 | #1 |
| Windows Verschlüsselungstrojaner hat mich erwischt Hallo allerseits, mich hat heute auch ein Verschlüsselungstrojaner erwischt (wie einige andere wohl auch). Der Trojaner war versteckt in einer mail zu einer dubiosen Zahlungsaussforderung mit Anhang. Ich *Schaf* habe natürlich den Anhang versucht zu öffnen. Nach einigen Minuten wurde mein Bildschirm dunkel und ein Fenster mit einer Zahlungsaufforderung von 100 Euro wurde eingeblendet mit der Begründung ich hätte einen Trojaner und Windows wäre aus Sicherheitsgründen verschlüsselt (256Bit Verschlüsselung). WEnn ich zahlen würde, wird die Verschlüsselung aufgehoben. *Ich glaube denen brennt der Kittel!* Zum Glück habe ich noch einen zweiten Rechner zu Hand- ohne Trojaner. Ich habe mir dann das OTLPE. exe auf den infizierten Rechner gespielt und kann somit hier schon mal die OTL.txt und Extras.txt Dateien posten. Ich muss dazu sagen , ich bin nicht so der PC- Crack und stehe jetzt ziemlich ratlos vor der Bescherung... Kann mir jemand von den Super Cracks weiterhelfen? Bitte:-) |
19.05.2012, 11:31 | #2 | ||||
/// Helfer-Team | Windows Verschlüsselungstrojaner hat mich erwischt Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
1. Zitat:
Code:
ATTFilter :OTL IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cc463f8000000000000001e37a7db41&tlver=1.4.19.19&ss=1&affID=17395 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Anke_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\Anke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O4 - HKU\Administrator_ON_C..\Run: [5CC463F8] C:\WINDOWS\system32\5D1017FE5CC463F8F675.exe () O4 - HKU\Anke_ON_C..\Run: [] File not found O4 - HKU\Gast_ON_C..\Run: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\5D1017FE5CC463F8F675.exe) - C:\WINDOWS\system32\5D1017FE5CC463F8F675.exe () O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/21 03:55:47 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell - "" = Autorun O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KAV.EXE /s O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell\browse\command - "" = F:\KAV.EXE /s O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell\explorer\command - "" = F:\KAV.EXE /s O33 - MountPoints2\{ad4ce00d-45e1-11dd-9426-001a73f55801}\Shell\open\command - "" = F:\KAV.EXE /s O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [2012/05/18 07:07:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/18 04:28:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/18 03:16:49 | 000,072,704 | -H-- | M] () -- C:\WINDOWS\System32\5D1017FE5CC463F8F675.exe [1601/02/13 04:28:18 | 000,009,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTsaVysvLfglttJp [1601/02/13 04:28:18 | 000,001,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\gXuadqsvnVgDxoaNq [1601/02/13 04:28:18 | 000,000,982 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ypyqQuUUDDnLrrss [1601/02/13 04:28:18 | 000,000,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\DVsDeALQJtdpTn [1601/02/13 04:28:18 | 000,000,692 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\prDOdoueyfXJGAgaEserV [1601/02/13 04:28:18 | 000,000,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\OfLeNydulGAXJL [1601/02/13 04:28:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qlqyNQstlanLvrf [1601/02/13 04:28:18 | 000,000,270 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ljdOssLpNjxvTdq [1601/02/13 04:28:18 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DGlXnnuNUUTDAArvtssao [1601/02/13 04:28:18 | 000,000,105 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dgsqfXJxjOaEseNfnvlA :Files C:\WINDOWS\system32\5D1017FE5CC463F8F675.exe C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Cempnqy C:\WINDOWS\System32\winsh325 C:\WINDOWS\System32\winsh324 C:\WINDOWS\System32\winsh323 C:\WINDOWS\System32\winsh322 C:\WINDOWS\System32\winsh321 C:\WINDOWS\System32\winsh320 ipconfig /flushdns /c :Commands [purity] [emptytemp]
2. Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst? wenn ja, so geht es weiter: 3. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
4. Am besten alle verschlüsselten Daten extern sichern (auf leere USB-Stick oder ext. Festplatte). Dann mit Entschlüsselung beginnen. Also am Computer sollen die geänderten Daten um Nummer sicher zu gehen zuerst unberührt bleiben Wenn alles gut geht, kannst Du dann am PC weiter machen 5. Vorgehen beim Verschlüsselungs-Trojaner :-> http://www.trojaner-board.de/114783-...ubersicht.html ► SemperVideo hat ein Video zum Thema erstellt. 6. Systemscan mit OTL - nicht mehr das OTLPE starten! Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
7. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
22.05.2012, 10:22 | #3 |
| Windows Verschlüsselungstrojaner hat mich erwischt Hallo Kira!
__________________Zunächst mal tausend Dank für die umfangreiche Antwort! Zu Punkt 1/2: Ich habe mit dem Fix in OLPE den Rechner wieder unter Windows XP im normalen Modus starten können! Toll:-) Zu Punkt 3/4/5: Dann - wie beschrieben- mit dem Programm "Malewarebytes- Anti- Maleware" den scan gemacht. Es gab zwei Funde, die ich dann auch gelöscht habe. Ich poste den log noch extra weil ich ihn leider grade nicht zur Hand habe. Dann habe ich meine verschlüsselten Dateien (heissen jetzt zb. GNXyGpQVyJsofe oder JlNlLtpNxqQpyUeQV ohne eine Dateiendung) auf eine externe Festplatte übertragen. Habe versucht, sie mit dem decrypthelper von Mattias und auch mit mit Avira-RansomFileUnlocker zu entschlüsseln. Das ist mir allerdings nicht gelungen. Ich wähle die verschlüsselte Datei aus und die selbe- dazu passende- unverschlüsselte Datei aber ich bekomme immer wieder die Meldung (im decrypthelper) "Schlüssel kann nicht erzeugt werden". Mache ich was falsch? Zu Punkt 6: Einen Systemscan mit OTL habe ich auch gemacht. Hier die log dateien: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.05.2012 08:01:19 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 48,96% Memory free 3,72 Gb Paging File | 2,90 Gb Available in Paging File | 77,80% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 138,27 Gb Total Space | 66,74 Gb Free Space | 48,27% Space Free | Partition Type: NTFS Drive E: | 10,78 Gb Total Space | 0,44 Gb Free Space | 4,08% Space Free | Partition Type: NTFS Drive F: | 298,01 Gb Total Space | 51,65 Gb Free Space | 17,33% Space Free | Partition Type: FAT32 Drive G: | 1,83 Gb Total Space | 1,29 Gb Free Space | 70,45% Space Free | Partition Type: FAT32 Computer Name: PC279312431166 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.22 08:08:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.20 08:23:23 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.01.08 16:59:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2011.10.12 18:24:22 | 000,073,728 | ---- | M] (ProQuest Business Solutions) -- C:\Programme\BHPS\Gmg\bin\DBMonService.exe PRC - [2011.10.12 18:24:17 | 000,380,928 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Programme\BHPS\Gmg\bin\tbmux32.exe PRC - [2011.10.12 18:24:01 | 000,069,632 | ---- | M] (ProQuest Business Solutions) -- C:\Programme\BHPS\Gmg\bin\TomcatMonService.exe PRC - [2011.10.12 18:23:23 | 000,069,632 | ---- | M] (ProQuest Business Solutions) -- C:\Programme\BHPS\Pmap1\bin\MapperMonService.exe PRC - [2011.06.16 16:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2011.06.08 15:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2011.04.26 16:00:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE PRC - [2011.03.21 14:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.29 15:03:34 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclBCBTSrv.exe PRC - [2008.12.01 17:25:23 | 000,028,779 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\javaw.exe PRC - [2008.12.01 17:25:23 | 000,024,681 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\java.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.27 02:18:56 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0\bin\java.exe PRC - [2007.04.19 13:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2007.04.19 13:26:52 | 000,484,904 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe PRC - [2007.03.29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2007.02.07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2007.01.24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe PRC - [2007.01.09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.10.09 11:23:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe PRC - [2006.02.19 03:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe PRC - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () -- C:\Programme\cosids\Apache Group\Apache\ApchT2kW.exe ========== Modules (No Company Name) ========== MOD - [2012.05.14 12:48:22 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll MOD - [2012.05.13 12:36:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.13 12:33:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.13 12:33:46 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll MOD - [2012.05.13 12:33:27 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll MOD - [2012.05.13 12:31:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.13 12:31:22 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.13 12:30:16 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012.05.13 12:30:13 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011.04.07 17:43:24 | 008,191,488 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2011.04.07 17:43:22 | 002,296,320 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.02.22 21:13:22 | 000,022,016 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2011.02.22 21:12:54 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2011.02.22 18:39:06 | 000,276,480 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2011.02.22 18:07:20 | 000,339,968 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2009.03.09 18:30:38 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.09 18:30:33 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.12.01 17:25:23 | 000,102,515 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\java.dll MOD - [2008.12.01 17:25:23 | 000,057,455 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\net.dll MOD - [2008.12.01 17:25:23 | 000,057,453 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\verify.dll MOD - [2008.12.01 17:25:23 | 000,053,364 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\zip.dll MOD - [2008.12.01 17:25:23 | 000,028,791 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\hpi.dll MOD - [2008.12.01 17:25:23 | 000,028,779 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\javaw.exe MOD - [2008.12.01 17:25:23 | 000,024,681 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\java.exe MOD - [2008.12.01 17:25:22 | 001,212,546 | ---- | M] () -- C:\Programme\BHPS\JRE142\bin\client\jvm.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.07.27 01:51:46 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2007.07.27 01:51:46 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2007.07.27 01:51:46 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2007.07.27 01:51:46 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2007.07.27 01:51:46 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2007.07.27 01:51:46 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2007.07.27 01:51:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2007.07.27 01:51:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2007.07.27 01:51:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2007.07.27 01:51:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2007.07.27 01:51:46 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2007.07.27 01:51:44 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2007.07.27 01:51:04 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:04 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34892__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:04 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34891__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2007.07.27 01:51:03 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2007.07.27 01:51:03 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:03 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:03 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2589.35075__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:03 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:03 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2007.07.27 01:51:03 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2007.07.27 01:51:03 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll MOD - [2007.07.27 01:51:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2007.07.27 01:51:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2007.07.27 01:51:02 | 000,909,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2007.07.27 01:51:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2007.07.27 01:51:02 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2007.07.27 01:51:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2007.07.27 01:51:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2007.07.27 01:51:02 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2007.07.27 01:51:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007.07.27 01:51:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2007.07.27 01:51:01 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2007.07.27 01:51:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007.07.27 01:51:01 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007.07.27 01:51:01 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2007.07.27 01:51:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2007.07.27 01:51:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2007.07.27 01:51:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2007.07.27 01:51:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2007.07.27 01:51:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2007.07.27 01:51:01 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2007.07.27 01:51:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll MOD - [2007.07.27 01:51:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2007.07.27 01:51:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2007.07.27 01:51:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2007.07.27 01:50:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2007.07.27 01:50:51 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2007.07.27 01:50:51 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007.07.27 01:50:51 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2007.07.27 01:50:51 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2007.07.27 01:50:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2007.07.27 01:50:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007.07.27 01:50:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2007.07.27 01:50:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007.07.27 01:50:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2007.07.27 01:50:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2007.07.27 01:50:50 | 001,404,928 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2007.07.27 01:50:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll MOD - [2007.07.27 01:50:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2007.07.27 01:50:50 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll MOD - [2007.07.27 01:50:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2007.07.27 01:50:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.07.27 01:50:50 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll MOD - [2007.02.16 17:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll MOD - [2007.02.16 17:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\WINDOWS\SMINST\naspp.dll MOD - [2006.10.09 11:23:06 | 000,697,976 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe MOD - [2005.06.02 13:40:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\vsmon1.dll MOD - [2001.09.06 16:58:48 | 000,119,808 | ---- | M] () -- c:\Programme\cosids\Apache Group\Apache\modules\T2KApacheModuleJServ.dll MOD - [2001.01.15 09:35:42 | 000,269,824 | ---- | M] () -- C:\Programme\cosids\Apache Group\Apache\ApacheCore.dll MOD - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () -- C:\Programme\cosids\Apache Group\Apache\ApchT2kW.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2012.05.05 08:15:38 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.12 18:24:22 | 000,073,728 | ---- | M] (ProQuest Business Solutions) [Auto | Running] -- C:\Programme\BHPS\Gmg\bin\DBMonService.exe -- (pqeauto.database.dbmonitor.GMG) SRV - [2011.10.12 18:24:01 | 000,069,632 | ---- | M] (ProQuest Business Solutions) [Auto | Running] -- C:\Programme\BHPS\Gmg\bin\TomcatMonService.exe -- (pqeauto.engine.tomcatmonitor.GMG) SRV - [2011.10.12 18:23:23 | 000,069,632 | ---- | M] (ProQuest Business Solutions) [Auto | Running] -- C:\Programme\BHPS\Pmap1\bin\MapperMonService.exe -- (pqeauto.energy.mappermonitor) SRV - [2011.06.08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2007.04.19 13:35:46 | 000,075,304 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007.03.29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007.02.07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.06.22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.20 15:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) [Auto | Stopped] -- C:\Programme\cosids\bin\tbmux32.exe -- (COSIDS_TB) SRV - [2001.10.22 04:20:00 | 000,126,976 | ---- | M] (Rainbow Technologies) [Auto | Stopped] -- C:\WINDOWS\system32\spnsrvnt.exe -- (SuperProServer) SRV - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () [Auto | Running] -- C:\Programme\cosids\Apache Group\Apache\ApchT2kW.exe -- (TIS 2000 Apache Web Server) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.22 07:04:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.21 17:06:22 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.05.07 03:00:06 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.04.10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.03.29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007.02.27 12:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM) DRV - [2007.02.14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007.02.14 16:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.02.14 16:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.02.14 16:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007.02.14 16:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.02.07 11:23:20 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007.02.07 11:22:46 | 000,100,495 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007.02.02 18:03:26 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006.11.02 01:47:28 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006.10.09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2006.09.19 18:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006.07.24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006.07.24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.09.19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005.09.19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001.04.06 08:11:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = {7F68E687-752F-46E8-894E-1CC1F48B713C} IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cc463f8000000000000001e37a7db41&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\..\SearchScopes\{7F68E687-752F-46E8-894E-1CC1F48B713C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.12.02 06:13:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.18 10:02:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.12.13 16:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.03.23 11:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lknc5bzw.default\extensions [2012.05.18 09:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lknc5bzw.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.03.23 11:58:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lknc5bzw.default\extensions\ffxtlbr@babylon.com [2012.01.22 10:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.07 13:51:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} O1 HOSTS File: ([2004.08.04 10:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe () O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0\bin\jusched.exe File not found O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe File not found O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} hxxp://vanmappub.vancouver.ca/download/mgaxctrl.cab (Autodesk MapGuide ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241330534025 (MUWebControl Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://fdata.over-blog.com/99/00/00/03/js/javauploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB5EC73C-FF95-4EE7-B0CE-64C7C6DA5CB6}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\OneCard: DllName - (C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.07.28 01:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.12.21 09:55:47 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.21 16:26:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.05.21 16:25:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012.05.21 16:25:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.05.21 16:25:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.05.21 16:25:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.05.21 16:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.05.21 16:24:37 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.19 18:47:22 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2012.05.18 18:56:15 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012.05.18 18:56:12 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.18 09:16:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip [2012.05.14 16:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Audible [2012.05.14 16:53:38 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax [2012.05.14 16:53:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AudibleManager [2012.05.14 16:53:06 | 000,000,000 | ---D | C] -- C:\Programme\Audible [2012.05.14 16:53:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Audible [2012.05.14 16:53:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Audible [2012.05.05 08:15:34 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe ========== Files - Modified Within 30 Days ========== [2012.05.22 07:15:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.05.22 07:07:58 | 000,042,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.22 07:04:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.05.21 18:21:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-230110641-146516293-310475592-500.job [2012.05.21 18:21:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.05.21 18:21:44 | 2012,532,736 | -HS- | M] () -- C:\hiberfil.sys [2012.05.21 16:25:09 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 16:22:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.05.19 11:47:28 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.19 09:41:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.05.18 09:16:21 | 000,001,500 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk [2012.05.18 09:16:21 | 000,000,708 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk [2012.05.18 09:14:12 | 000,002,593 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Outlook 2010.lnk [2012.05.18 08:23:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-230110641-146516293-310475592-500.job [2012.05.14 16:53:42 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Audible Manager.lnk [2012.05.14 16:53:38 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax [2012.05.14 12:41:17 | 001,685,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.13 12:30:47 | 000,488,260 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.05.13 12:30:47 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.05.13 12:30:47 | 000,096,068 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.05.13 12:30:47 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.05.13 12:26:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.05.08 12:33:34 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Word 2010.lnk [2012.05.05 08:15:36 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.05.05 08:15:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.05.05 08:15:34 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012.04.27 06:58:26 | 000,002,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Excel 2010.lnk ========== Files Created - No Company Name ========== [2012.05.21 16:25:09 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.14 16:53:42 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Audible Manager.lnk [2012.02.16 08:06:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.03.23 11:57:10 | 000,000,273 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2010.06.25 20:48:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat ========== LOP Check ========== [2009.12.12 01:49:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acreon [2011.11.23 11:27:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Amazon [2012.05.18 09:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Audacity [2011.03.23 12:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BabylonToolbar [2012.05.18 09:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BayOrganizer [2012.05.18 09:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM [2008.05.03 10:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\digital publishing [2012.05.18 09:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\eXPert PDF Editor [2011.01.07 17:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2008.07.08 22:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InterVideo [2011.10.22 12:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2010.05.31 17:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2010.02.23 11:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NVD [2012.03.14 09:41:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite [2008.03.08 19:49:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView [2008.10.05 11:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Scooter Software [2010.11.03 07:49:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SoftGrid Client [2010.02.23 11:30:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TP [2010.08.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search [2010.08.26 08:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Search [2012.05.18 09:43:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WordToPDF [2010.02.23 15:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2012.05.18 10:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 5 [2011.12.02 06:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2011.12.10 11:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.05.18 10:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpDRM [2009.04.27 06:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2011.03.06 12:11:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.02.23 15:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2008.07.07 12:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.05.18 10:03:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.05.18 10:03:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ========== Purity Check ========== < End of report > der extras.log: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.05.2012 08:01:19 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 48,96% Memory free 3,72 Gb Paging File | 2,90 Gb Available in Paging File | 77,80% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 138,27 Gb Total Space | 66,74 Gb Free Space | 48,27% Space Free | Partition Type: NTFS Drive E: | 10,78 Gb Total Space | 0,44 Gb Free Space | 4,08% Space Free | Partition Type: NTFS Drive F: | 298,01 Gb Total Space | 51,65 Gb Free Space | 17,33% Space Free | Partition Type: FAT32 Drive G: | 1,83 Gb Total Space | 1,29 Gb Free Space | 70,45% Space Free | Partition Type: FAT32 Computer Name: PC279312431166 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader "1119:TCP" = 1119:TCP:*:Enabled:Blizzrad Downloader "6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader "6999:TCP" = 6999:TCP:*:Enabled:Blizzard Downloader ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\SW\Sw.exe" = C:\SW\Sw.exe:*:Enabled:Sw -- () "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer "C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\Administrator\Desktop\World of Warcraft Trial\WoW-3.0.3.9192-to-3.0.8.9464-deDE-downloader.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\World of Warcraft Trial\WoW-3.0.3.9192-to-3.0.8.9464-deDE-downloader.exe:*:Enabled:Blizzard Downloader "C:\Dokumente und Einstellungen\Administrator\Desktop\World of Warcraft Trial\BackgroundDownloader.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\World of Warcraft Trial\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 561d22b0\Launcher.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 561d22b0\Launcher.exe:*:Enabled:Blizzard Launcher "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 19d1aa38\Launcher.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 19d1aa38\Launcher.exe:*:Enabled:Blizzard Launcher "C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\World of Warcraft\WoW-3.3.3.11685-to-3.3.3.11723-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.3.3.11685-to-3.3.3.11723-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\World of Warcraft\WoW-3.3.5.12340-x86-Win-deDE-BKGND-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.3.5.12340-x86-Win-deDE-BKGND-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour "C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\WZSE0.TMP\symnrt.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\WZSE0.TMP\symnrt.exe:*:Disabled:Symantec Removal Utility "C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "C:\Programme\World of Warcraft\Blizzard Downloader.exe" = C:\Programme\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader "C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard "{02892741-0201-BCB5-C2EC-1ACC90606E0A}" = Catalyst Control Center Localization Dutch "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07DEF940-7355-50C9-298F-38E8CE0EBDCA}" = Catalyst Control Center Graphics Light "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08AE3CD6-E065-37AA-D2B3-07051D45286F}" = CCC Help Russian "{09258F12-48E7-B18E-C414-1F48C215685F}" = ccc-core-static "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0B7BBC67-FFB4-3743-E3F8-03D1AF729B70}" = Catalyst Control Center Graphics Full New "{1293BBC6-2E1F-995B-4229-1ADA86E747D2}" = Catalyst Control Center Localization French "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools "{1EDE8D45-7214-D099-53E7-749C1997329E}" = Catalyst Control Center Localization Chinese Standard "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{272A7F68-5DB1-0929-8FBF-B458D450FE14}" = Catalyst Control Center Localization Japanese "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK "{2FBAC41E-9400-9975-78F4-B4EFBE1FD8E2}" = Catalyst Control Center Localization German "{3110F6EA-EE42-C9C0-A177-860D75EDE636}" = Catalyst Control Center Localization Korean "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{3F92730A-794E-01FC-4EBC-766F4DCE5D67}" = CCC Help English "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard "{435D2D09-D775-FDA4-2610-EE044A8270E8}" = CCC Help Italian "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{47471E78-EFA2-D9A2-7D01-5B0D3931D140}" = CCC Help Hungarian "{4DBB9521-29F6-CE3D-FFE1-ADA665A0FB38}" = Catalyst Control Center Localization Chinese Traditional "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{53388D9F-0B31-B16D-2591-431837C84F8B}" = Catalyst Control Center Localization Finnish "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{541BFB68-41E7-1FB7-9718-27C46ED7B754}" = Catalyst Control Center Localization Portuguese "{572B04AD-8812-ABDD-E78D-761D413F8D53}" = Catalyst Control Center Localization Norwegian "{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6A1E7380-BE8C-A1F8-B94F-1D79A4C28985}" = CCC Help Japanese "{6BE58A52-CB03-E69E-FE6A-5E500C2A6D05}" = CCC Help Chinese Traditional "{6CE339FE-4FCB-CBCC-704C-092A044FA724}" = CCC Help Chinese Standard "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70465DF9-5077-73E9-81F8-B7955DF74130}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{73B591D7-32EF-9C1A-E2A9-D119390CBEF3}" = CCC Help German "{7669846A-8FE4-55CC-D2FD-7D8FB015450E}" = CCC Help Swedish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{778AA054-858E-3997-AA10-F9B378AB1DEF}" = Catalyst Control Center Localization Russian "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{81242661-5588-E2AC-65FF-06CEF7527D61}" = Catalyst Control Center Localization Polish "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{8E9C9687-4EA2-9459-DE69-4CE1414DB265}" = Catalyst Control Center Localization Hungarian "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{93A94664-6CB9-54E2-D2E2-0FC894F457CD}" = CCC Help Dutch "{941E6A4B-0B43-0875-2024-4F1A0FCE9293}" = CCC Help Danish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{9A80B505-F97E-7813-A7DA-594CC6E20448}" = Catalyst Control Center Graphics Full Existing "{9FB73888-C6F3-7687-DEA1-66AFAE237A7D}" = CCC Help Norwegian "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB105D15-5224-890B-7B28-1A4086C09F47}" = Catalyst Control Center Localization Greek "{AB232CC2-7F49-2F07-8979-EF16498603BF}" = Catalyst Control Center Localization Swedish "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B84C847D-F708-EFC4-A7F4-16C0A407B0C3}" = CCC Help French "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C4F9000B-677C-DBE0-8213-C47E04F098C1}" = Catalyst Control Center Core Implementation "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100 "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C9EA192F-AEC6-18B1-D641-8ADF9F892260}" = CCC Help Turkish "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB8CDB72-8323-E26C-1FCB-C5497EA451A6}" = Catalyst Control Center Localization Spanish "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00 "{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite "{D2D52856-B412-9CEE-C10D-BA5C6F2DDD6E}" = Catalyst Control Center Localization Danish "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{D3F2542C-0962-1313-CA4F-942E37889349}" = Catalyst Control Center Localization Czech "{D97215A1-196F-E4BA-B531-4E1AF9393E69}" = ccc-utility "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{DC5437E1-6C27-E514-5DD3-CDB9E516AF16}" = Catalyst Control Center Localization Thai "{DC8CF830-12C4-2AFF-1DB6-09A47CEBFEAB}" = Catalyst Control Center Localization Italian "{E1201237-AE20-F128-DA8E-47859AE55889}" = CCC Help Finnish "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E574C0AC-550B-68A4-4D89-B1940C536229}" = CCC Help Polish "{E6451EF8-8ACB-7640-2DE3-AEF23DF02BFA}" = CCC Help Thai "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81596D4-ADC6-46E1-A765-143F2569CC53}" = WinZip81 "{E9339644-F92D-96C5-7AB7-384818825698}" = Catalyst Control Center Localization Turkish "{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1 "{EE52FA1D-A4F9-02A5-5C4A-00B1D15CCF26}" = CCC Help Portuguese "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EE9D54F6-EA22-6160-9C4F-45331E9104B6}" = CCC Help Greek "{EEA1220D-9772-F11B-0110-AA5680DCEEDE}" = CCC Help Korean "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools "{F9A859AB-09BC-F1B4-83C1-F70C462AD066}" = CCC Help Spanish "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ATI Display Driver" = ATI Display Driver "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode) "AudibleManager" = AudibleManager "BeyondCompare3_is1" = Beyond Compare version 3.0.7 "Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) "Click'N Design 3D for AfterBurner(tm) (V5)" = Click'N Design 3D for AfterBurner(tm) (V5) "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "Gmg3" = GME EPC 3 3.22.0 "HP Document Viewer" = HP Document Viewer 7.0 "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "ie8" = Windows Internet Explorer 8 "Imgrplg2" = Bild-Plugin 2.13.0 "InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00 "JSDK2.0" = Java Servlet Development Kit 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero OEM "NeroVision!UninstallKey" = NeroVision Express 2 SE "Nokia PC Suite" = Nokia PC Suite "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01 "Rainbow Sentinel Driver" = Sentinel System Driver "RealPlayer 15.0" = RealPlayer "Shadow Warrior v1.2" = Shadow Warrior v1.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SysadmV10" = Sysadm "TISV10" = Tis "Transbase" = Transbase V6.8.1.1 (Build 1) "VLC media player" = VideoLAN VLC media player 0.8.6i "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WGA" = Windows Genuine Advantage Validation Tool "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "winusb0100" = Microsoft WinUsb 1.0 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "World of Warcraft" = World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.05.2012 03:41:07 | Computer Name = PC279312431166 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung tbmux32.exe, Version 5.2.2.23, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 19.05.2012 03:41:07 | Computer Name = PC279312431166 | Source = SuperProServer | ID = 9 Description = Error - 19.05.2012 04:01:33 | Computer Name = PC279312431166 | Source = COSIDS_TB | ID = 4097 Description = Error - 19.05.2012 04:01:33 | Computer Name = PC279312431166 | Source = COSIDS_TB | ID = 4097 Description = Error - 19.05.2012 04:01:38 | Computer Name = PC279312431166 | Source = SuperProServer | ID = 9 Description = Error - 21.05.2012 12:22:05 | Computer Name = PC279312431166 | Source = COSIDS_TB | ID = 4097 Description = Error - 21.05.2012 12:22:05 | Computer Name = PC279312431166 | Source = COSIDS_TB | ID = 4097 Description = Error - 21.05.2012 12:22:07 | Computer Name = PC279312431166 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung tbmux32.exe, Version 5.2.2.23, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 21.05.2012 12:22:09 | Computer Name = PC279312431166 | Source = SuperProServer | ID = 9 Description = Error - 21.05.2012 10:23:26 | Computer Name = PC279312431166 | Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\WINZIP\WINZIP 15.0.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) [ System Events ] Error - 21.05.2012 12:22:29 | Computer Name = PC279312431166 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Sentinel" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 21.05.2012 12:22:29 | Computer Name = PC279312431166 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Zune Bus Enumerator Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 21.05.2012 10:22:29 | Computer Name = PC279312431166 | Source = Service Control Manager | ID = 7034 Description = Dienst "SentinelSuperProNet Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Den CC Cleaner habe ich noch nicht drüber laufen lassen, weil ich mit der blöden Entschlüsselung nicht weiter komme und mit nicht sicher bin, ob es was aus macht, wenn viele Dateien noch verschlüsselt sind... Schon mal Danke im voraus... Ratlose Grüße sideways |
22.05.2012, 12:21 | #4 | |
/// Helfer-Team | Windows Verschlüsselungstrojaner hat mich erwischt Die Entschlüsselung von daten, kannst noch das Tool ausprobieren:-> *klick* oder/und auch versuchen die verschlüsselte Dateien auf einen leeren USB Stick speichern. Wenn Du weiß was für dateien sind (z.B *.jpg, *.doc usw) dann benenne sie alle wieder in Originalform wie vorher, also z.B in eine .jpg Datei Zitat:
Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {7F68E687-752F-46E8-894E-1CC1F48B713C} IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5cc463f8000000000000001e37a7db41&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\..\SearchScopes\{7F68E687-752F-46E8-894E-1CC1F48B713C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGLL_de [2011.03.23 11:58:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lknc5bzw.default\extensions\ffxtlbr@babylon.com O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.21 09:55:47 | 000,000,100 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (22.05.2012 um 12:26 Uhr) |
Themen zu Windows Verschlüsselungstrojaner hat mich erwischt |
andere, begründung, bildschirm, brennt, click compare deinstallieren, click compare entfernen, click compare löschen, click compare redirect, click compare virus, dateien, eingeblendet, exe, infizierte, infizierten, mail, minute, natürlich, poste, rechner, super, versucht, weiterhelfen, windows, windows verschlüsselungstrojaner, würde |