Log analysis and evaluation: Encryption trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
12.06.2012, 16:44 | #1 |
Encryption trojan

Hello everyone, I received the following e-mail and, idiot that I am, I opened the attachment.

"You have probably overlooked that the payment deadline for the following invoice has expired. You also did not respond to two reminder letters.
Your order: Leica MDA VE
Item number: 2989641962273
Quantity: 2
Total: 629,89 Euro
Due to additional costs arising from the settlement of fee claims, we are charging reminder fees and registered-mail fees in the amount of 10.- Euro incl. VAT. We ask you to transfer the outstanding invoice amount within the next 7 days. Otherwise we will unfortunately be forced to initiate debt collection proceedings and to commission a collection agency with further measures. Should this letter have crossed with payment of the outstanding amount, please consider this letter void.
Enclosures:
- Invoice
- Order
With best regards
www.dnet24.de"

The attachment is a ZIP file (Beilagen-12.06.2012.zip); the ZIP file contains a file named "Bestellung Dnet24 GmbH", and its type is shown as MS-DOS application, which I did not notice. Shortly afterwards the screen switched between black and the normal display, and then it went as described at "http://www.trojaner-board.de/115183-...e-umlauf.html". I then started the computer in Safe Mode, downloaded and installed Malwarebytes and ran the full scan, but without success; see the following log file. Who can help me?

Many thanks in advance
Bernd

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.12.02
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Bernd.Harbauer :: P120311DE [Administrator]
Schutz: Deaktiviert
12.06.2012 12:31:27
mbam-log-2012-06-12 (12-31-27).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401432
Laufzeit: 28 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Bernd.Harbauer\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
13.06.2012, 20:29 | #2 |
/// Helper team | Encryption trojan

Hello and welcome!

Before we begin working together, [please read completely]: Quote:

For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. System scan with OTL
Please download OTL by OldTimer and save it to your desktop.

2. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:

3. ► In what way has your data (personal files such as pictures, documents, music, etc.) already been encrypted? Can you give an example? Was a file extension added (e.g. "locked- .wxyz"), or does the file name consist of random upper- and lower-case letters (e.g. QsEEUTODXNVqyssQ), or something else? Some variants can be decrypted, others unfortunately cannot. Quote:

** If possible, do not go online: no online banking, file sharing, chat programs, etc.

Regards, kira
14.06.2012, 08:51 | #3 |
Encryption trojan

OTL logfile:
Code:
OTL logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bernd.Harbauer\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () ========== Win32 Services (SafeList) ========== SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (msoidsvc) -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) 
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (ZcfgSvc7) Intel(R) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) 
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT) DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro ) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro ) DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro ) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F} IE:64bit: - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F} IE - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eusapharma10microsoftonlinecom-1.sharepoint.microsoftonline.com/default.aspx IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M] [2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions [2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org File not found (No name found) -- C:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2012.03.24 19:42:06 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll O1 HOSTS File: ([2012.06.12 12:20:06 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15214 more lines... 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [SignIn] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation) O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] Z:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [StarMoneyRunEntry] Y:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) 
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernd.Harbauer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: P071207DE ([]file in Local intranet) O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet) O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet) O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10] https in Trusted sites) O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-admin] https in Trusted sites) O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-my] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.199.1.19 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eusapharma.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A07781-6995-4C3B-B26F-AAFBB4E726F4}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AB5A17-4802-4CDE-991E-7504B158648A}: DhcpNameServer = 10.199.1.19 8.8.8.8 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 09:32:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe [2012.06.12 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Malwarebytes [2012.06.12 12:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.12 12:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.12 11:03:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Zkkym [2012.06.11 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\PixelPlanet [2012.06.11 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BCL Technologies [2012.06.11 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies [2012.06.11 14:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PixelPlanet [2012.06.11 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixelPlanet [2012.06.11 14:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XpressUpdate [2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixelPlanet [2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PixelPlanet [2012.06.11 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Downloaded Installations [2012.06.04 08:50:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.05.25 11:30:34 | 000,000,000 | --SD | C] -- C:\Users\Bernd.Harbauer\SharePoint-Websites [2012.05.25 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365 [2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- 
C:\Users\Bernd.Harbauer\AppData\Local\Deployment [2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Apps [2012.05.23 09:43:26 | 000,000,000 | R--D | C] -- C:\Users\Bernd.Harbauer\Documents\Scanned Documents [2012.05.23 09:43:26 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Documents\Fax [2012.05.16 16:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2012.06.14 09:32:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe [2012.06.14 09:30:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.06.14 09:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 09:30:13 | 455,815,167 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.12 12:38:00 | 001,648,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.12 12:38:00 | 000,702,546 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.12 12:38:00 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.12 12:38:00 | 000,150,210 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.12 12:38:00 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.12 12:29:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 12:20:06 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.12 
12:11:11 | 000,001,264 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk [2012.06.12 10:57:06 | 000,002,004 | ---- | M] () -- C:\Users\Bernd.Harbauer\Documents\ddUgEeeNpAgtuNL [2012.06.12 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 14:36:11 | 000,008,598 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\sstysrpvjdtyrpjDTty [2012.06.11 14:25:43 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PdfEditor.lnk [2012.06.11 12:05:31 | 000,006,961 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\LLnpxOgauVXAlatV [2012.06.11 09:49:35 | 000,006,538 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.06.10 09:57:41 | 000,340,577 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\OggATssqVDOduNynDjdtN [2012.06.10 09:46:59 | 000,177,576 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\ssesNJJxAueqpD [2012.06.05 13:55:51 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.04 08:50:22 | 537,270,287 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.03 12:06:58 | 000,381,768 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\VeernJDDsQfrXddqqnx [2012.05.31 16:09:10 | 000,038,400 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\DllgotqVrXDOsyNLADO [2012.05.30 11:36:00 | 000,023,303 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\tttyfDjUssVVOO [2012.05.30 11:35:52 | 000,108,579 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\eeotqVLDOAorXLGOQorq [2012.05.30 11:34:10 | 000,025,005 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\oootNXJDGAotXJGOu [2012.05.30 11:33:48 | 000,130,571 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\jjOTQsrqfJOUEr [2012.05.30 11:33:15 | 000,025,031 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\dUTQsrpfnDaEtpv [2012.05.30 11:28:54 | 000,022,492 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNNypGGuQryvGAUEeqfDT [2012.05.30 00:07:42 | 000,032,256 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\UUdeNXVlGuQtrlDOAesf 
[2012.05.29 23:30:18 | 000,015,607 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\alxjdetffnOjoeqXnOTE [2012.05.29 11:29:33 | 000,011,388 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNrLpUdQQrNxdotu [2012.05.29 11:14:33 | 000,001,022 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.29 11:14:29 | 000,001,008 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Dropbox.lnk [2012.05.24 12:17:10 | 000,041,758 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\daTQErpVvlTQspJnjaue [2012.05.23 16:31:30 | 000,053,055 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\EootNXJDxAEsXJxgu [2012.05.22 11:48:32 | 000,712,578 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\QQQqVLGvlgQsrx [2012.05.21 15:05:30 | 000,022,123 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR ========== Files Created - No Company Name ========== [2012.06.12 12:29:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 12:11:11 | 000,001,264 | ---- | C] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk [2012.06.11 14:25:43 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PdfEditor.lnk [2012.06.04 08:50:22 | 537,270,287 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.05.21 15:05:28 | 000,022,123 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2012.04.20 13:18:29 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2012.04.20 13:18:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2012.04.12 22:29:52 | 000,207,504 | ---- | C] () -- C:\Windows\hpwins14.dat.temp [2012.04.12 22:29:52 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp [2012.03.30 14:02:18 | 000,194,333 | ---- | C] () -- C:\Windows\hpwins19.dat [2012.03.30 14:02:18 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2012.03.27 14:20:10 | 000,251,296 | ---- | C] () -- 
C:\Windows\hpwins14.dat [2012.03.27 14:20:10 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat [2012.03.23 22:40:36 | 000,007,617 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Local\Resmon.ResmonCfg [2012.03.06 09:44:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.06 09:44:22 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.06 09:44:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.06 09:44:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.06 09:44:16 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.06 08:37:45 | 000,006,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.06 08:37:24 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2012.03.06 08:34:09 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2012.03.06 08:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.02.11 19:45:27 | 001,648,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS

Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041216D5-4258-4E73-B076-0F4A0A01964D}" = lport=138 | protocol=17 | dir=in | app=system |
"{15B97CAD-E0C4-40A0-8EB2-DACF7767743D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{15E1FEB6-712B-4D46-84E9-F1982A17F75E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A4D09CF-FEAB-469B-BF35-D4DA194247E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{287FBDE0-CD5C-4FCD-ABF2-77D7C2330F7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{322953AE-6EDC-4246-8CBA-1DC76EC2D1DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{325B6675-7931-4DD1-9951-DF1C6E937C03}" = rport=445 | protocol=6 | dir=out | app=system |
"{35DE23DE-A137-44E8-BE75-D6A112F404F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42FE75F4-FA1A-4390-8B9B-EE944B92FD22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B3987CF-DF15-4DF2-A9A8-C749A3AB65FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6266B149-309B-4148-99FA-053665A59929}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E95D92C-E4F0-40BF-844D-57DCE820CC44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7BEE9F51-CBB9-4359-B946-1EE5EDD8D844}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{82D0581B-3BE6-4438-BCEE-3B4001C2B125}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{89352922-3AE4-4F6C-8020-AA88B9758FE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A4C3F36-9DF0-4806-B2F8-B489CED46A58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F783F9E-B9AD-4EDB-BB3F-EF7E484783AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B63CF9E-BE89-4628-985D-D3517BFE1594}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8817B35-B183-44F3-AB23-7592718EAB8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B395F02C-B46C-4EFB-B2F6-B674731650E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{B73E5735-8884-4E9D-8329-B6B912396047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA8F9822-63AD-4222-8281-057B283ABDC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E50E6BF5-CD6F-494D-9E17-816EEC4B1C39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EADBD2A2-66CC-4121-AB3E-C2DF07B2454F}" = lport=3389 | protocol=6 | dir=in | app=system | "{EFC80117-8BD5-46D7-96D7-F22258C67781}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F51EB8B0-73DF-4C36-845D-49BE09FF396B}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0046D805-077E-4895-8D20-53D7E3E89DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{1A17DD44-9449-48DE-AD13-99298B30454C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1ADDA5D5-4504-4A07-924F-B22FD3F99BEB}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | "{1BF77DA7-3FFF-412A-9ABA-17D59DD7E5A7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1C3EB954-A245-466C-A632-C5B43D35C414}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | "{235B0CA6-4FC6-4376-B655-906429D01210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{290134E7-8ECC-48C4-9947-F0B660AC463A}" = protocol=17 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | "{32756192-F5C8-4472-AC70-44A27C9A7433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{376FC229-A31C-49BA-90C0-12CAD7689F62}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3AAC0948-9D3E-4A38-A479-2B1934B63D25}" = protocol=6 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | "{3BB376DA-AC9D-4585-B6B2-5E125450AF1F}" = protocol=17 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | "{3F284F9B-1F82-43DA-9F98-9741D91BF789}" = 
protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | "{3F542613-5CAD-4985-A90C-09205376681C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B825FB5-EB95-4012-A690-C5A0E56A62AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4FB3CF77-2E76-4A0B-BF52-F51758E768D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{51166809-2266-4F7E-8370-6FEDCDE367E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{8ab2ac00-afff-4043-83d9-0086528b337f}\setup\hpznui40.exe | "{576EC08B-C2C7-443D-B49E-D305000B4FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5BC021C6-41E1-4D02-86DF-085FA3871129}" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "{61055D3C-4991-40CA-BED8-8B886B00FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{623E52F4-9A50-4325-A7AE-1A022F56FA70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{629E0758-D0C6-435E-9A7F-EDEE88A54CD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{687D68A1-5DC9-4C4C-92E5-262175EC3040}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{72515F6A-1256-45B1-8290-6FC1582B74E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{762AB393-DFDF-4312-85BC-20ACD2792350}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | "{78486C69-E9F2-4AE7-8354-EA83924374CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7D8C14C6-3CF3-416E-B074-397B45964DB5}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{894A81F2-791A-495D-ACD5-2BF3F218CD71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{8A6D8C27-4E77-4F59-B247-309BA6DA719A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{8E27F28C-4058-4F1C-BEF1-0CB29A3D201B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{900D4D64-864B-4DCE-A689-FBC7CBD93EDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{961335C7-EB7C-4A78-8DAC-10F3A1D23603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{9750DB09-E1E0-48A1-85DF-E79DA6792B1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{9BE7AD07-E998-48A6-8498-433FA7B648D9}" = protocol=6 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | "{9E6EB922-A50D-4272-9FB1-884752FC0E69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{AB8023B2-06A1-4DA3-86CC-8CA6A25534CB}" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "{B048577B-4E18-4A1B-A3D4-1CBE60EA1B9D}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | "{B131E0CF-C46A-48DF-9774-FE34E0F164D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B5172A8C-0415-4FFF-8B22-13E6C6E34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{B5AA5FD7-32A1-4683-BEBE-1CAF42405B63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CA0BBA30-A99C-4035-A9FD-751D0FD9F86D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{CB1D72AB-1E1F-4B1D-A9EA-A7E272EE8B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{CD04B681-0979-4E79-8892-E8A30F82E25C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{DDB27D0F-511F-4DA0-9EFC-BC1276C54038}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | "{E6AB08C2-9767-494F-9A7E-4612C67D4BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E79BF45B-78AF-4BB7-BCDF-240656E20311}" = dir=in | app=c:\program files 
(x86)\hp\digital imaging\bin\hpzwiz01.exe | "{ECD7A766-5984-4605-A8ED-EC994A68EC82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{EE8FD3E3-C809-485A-988B-FFC01953302A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FB003E39-2290-4D62-8E69-E432A457B7D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "TCP Query User{1F77745D-97D4-41A3-B9A7-6BF781668F34}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | "TCP Query User{E179228E-3B0B-4765-8DB9-4D0A1A06C0BD}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{F3EC6B0E-3DCA-45DC-AA58-6501AC07AA13}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1C4BCED8-B869-4BE4-BA7C-4ABBD70021F4}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | "UDP Query User{3F747353-DFA2-4EAE-AE0A-EA8F076160EA}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{47D1EF0E-C747-44CB-82C9-A631C6C6902A}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 
edition) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (64bit) "{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (64bit) "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series 
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services-Anmeldeassistent "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2DD32D6C-86C2-4C56-9DB8-289E53E16827}" = StarMoney Business 5.0 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto 
Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DA5C1DF-B2BA-4A08-93F2-9D058EBDC4DB}" = StarMoney Business 4.0 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729C02AB-6C49-4DFB-8E48-680702F4836F}" = NetSchafkopf "{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney "{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney "{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Foxit Reader" = Foxit Reader 
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "iPhoneBackupExtractor" = iPhone Backup Extractor "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "T-Mobile Internet Manager" = T-Mobile Internet Manager "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 10 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 11 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 12 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 13 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 14 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 15 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 16 Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request 
bad interfaceIndex 17

Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

[ System Events ]
Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 10.06.2012 03:46:52 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description =

Error - 10.06.2012 03:47:56 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne EUSAPHARMA aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.06.2012 04:01:08 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1537.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 11.06.2012 02:08:19 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne EUSAPHARMA aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 11.06.2012 02:12:14 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description =

Error - 11.06.2012 02:17:19 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description =

Error - 11.06.2012 03:48:09 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 11.06.2012 05:48:34 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS

Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bernd.Harbauer\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (msoidsvc) -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (ZcfgSvc7) Intel(R) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE:64bit: - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eusapharma10microsoftonlinecom-1.sharepoint.microsoftonline.com/default.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]

[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions
[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
File not found (No name found) -- C:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012.03.24 19:42:06 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2012.06.12 12:20:06 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [SignIn] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] Z:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [StarMoneyRunEntry] Y:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernd.Harbauer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: P071207DE ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-my] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.199.1.19 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eusapharma.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A07781-6995-4C3B-B26F-AAFBB4E726F4}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AB5A17-4802-4CDE-991E-7504B158648A}: DhcpNameServer = 10.199.1.19 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 09:32:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.12 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Malwarebytes
[2012.06.12 12:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 12:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.12 11:03:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Zkkym
[2012.06.11 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\PixelPlanet
[2012.06.11 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BCL Technologies
[2012.06.11 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies
[2012.06.11 14:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PixelPlanet
[2012.06.11 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixelPlanet
[2012.06.11 14:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XpressUpdate
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixelPlanet
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PixelPlanet
[2012.06.11 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Downloaded Installations
[2012.06.04 08:50:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.25 11:30:34 | 000,000,000 | --SD | C] -- C:\Users\Bernd.Harbauer\SharePoint-Websites
[2012.05.25 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Deployment
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Apps
[2012.05.23 09:43:26 | 000,000,000 | R--D | C] -- C:\Users\Bernd.Harbauer\Documents\Scanned Documents
[2012.05.23 09:43:26 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Documents\Fax
[2012.05.16 16:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012.06.14 09:32:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.14 09:30:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.14 09:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 09:30:13 | 455,815,167 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 12:38:00 | 001,648,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.12 12:38:00 | 000,702,546 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.12 12:38:00 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 12:38:00 | 000,150,210 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.12 12:38:00 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 12:29:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:20:06 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.12
12:11:11 | 000,001,264 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk [2012.06.12 10:57:06 | 000,002,004 | ---- | M] () -- C:\Users\Bernd.Harbauer\Documents\ddUgEeeNpAgtuNL [2012.06.12 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 14:36:11 | 000,008,598 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\sstysrpvjdtyrpjDTty [2012.06.11 14:25:43 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PdfEditor.lnk [2012.06.11 12:05:31 | 000,006,961 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\LLnpxOgauVXAlatV [2012.06.11 09:49:35 | 000,006,538 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.06.10 09:57:41 | 000,340,577 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\OggATssqVDOduNynDjdtN [2012.06.10 09:46:59 | 000,177,576 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\ssesNJJxAueqpD [2012.06.05 13:55:51 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.04 08:50:22 | 537,270,287 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.03 12:06:58 | 000,381,768 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\VeernJDDsQfrXddqqnx [2012.05.31 16:09:10 | 000,038,400 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\DllgotqVrXDOsyNLADO [2012.05.30 11:36:00 | 000,023,303 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\tttyfDjUssVVOO [2012.05.30 11:35:52 | 000,108,579 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\eeotqVLDOAorXLGOQorq [2012.05.30 11:34:10 | 000,025,005 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\oootNXJDGAotXJGOu [2012.05.30 11:33:48 | 000,130,571 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\jjOTQsrqfJOUEr [2012.05.30 11:33:15 | 000,025,031 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\dUTQsrpfnDaEtpv [2012.05.30 11:28:54 | 000,022,492 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNNypGGuQryvGAUEeqfDT [2012.05.30 00:07:42 | 000,032,256 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\UUdeNXVlGuQtrlDOAesf 
[2012.05.29 23:30:18 | 000,015,607 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\alxjdetffnOjoeqXnOTE [2012.05.29 11:29:33 | 000,011,388 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNrLpUdQQrNxdotu [2012.05.29 11:14:33 | 000,001,022 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.29 11:14:29 | 000,001,008 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Dropbox.lnk [2012.05.24 12:17:10 | 000,041,758 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\daTQErpVvlTQspJnjaue [2012.05.23 16:31:30 | 000,053,055 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\EootNXJDxAEsXJxgu [2012.05.22 11:48:32 | 000,712,578 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\QQQqVLGvlgQsrx [2012.05.21 15:05:30 | 000,022,123 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR ========== Files Created - No Company Name ========== [2012.06.12 12:29:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 12:11:11 | 000,001,264 | ---- | C] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk [2012.06.11 14:25:43 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PdfEditor.lnk [2012.06.04 08:50:22 | 537,270,287 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.05.21 15:05:28 | 000,022,123 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2012.04.20 13:18:29 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2012.04.20 13:18:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2012.04.12 22:29:52 | 000,207,504 | ---- | C] () -- C:\Windows\hpwins14.dat.temp [2012.04.12 22:29:52 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp [2012.03.30 14:02:18 | 000,194,333 | ---- | C] () -- C:\Windows\hpwins19.dat [2012.03.30 14:02:18 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2012.03.27 14:20:10 | 000,251,296 | ---- | C] () -- 
C:\Windows\hpwins14.dat [2012.03.27 14:20:10 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat [2012.03.23 22:40:36 | 000,007,617 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Local\Resmon.ResmonCfg [2012.03.06 09:44:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.06 09:44:22 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.06 09:44:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.06 09:44:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.06 09:44:16 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.06 08:37:45 | 000,006,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.06 08:37:24 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2012.03.06 08:34:09 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2012.03.06 08:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.02.11 19:45:27 | 001,648,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS

Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041216D5-4258-4E73-B076-0F4A0A01964D}" = lport=138 | protocol=17 | dir=in | app=system |
"{15B97CAD-E0C4-40A0-8EB2-DACF7767743D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{15E1FEB6-712B-4D46-84E9-F1982A17F75E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1A4D09CF-FEAB-469B-BF35-D4DA194247E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{287FBDE0-CD5C-4FCD-ABF2-77D7C2330F7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{322953AE-6EDC-4246-8CBA-1DC76EC2D1DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{325B6675-7931-4DD1-9951-DF1C6E937C03}" = rport=445 | protocol=6 | dir=out | app=system | "{35DE23DE-A137-44E8-BE75-D6A112F404F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{42FE75F4-FA1A-4390-8B9B-EE944B92FD22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B3987CF-DF15-4DF2-A9A8-C749A3AB65FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6266B149-309B-4148-99FA-053665A59929}" = lport=139 | protocol=6 | dir=in | app=system | "{6E95D92C-E4F0-40BF-844D-57DCE820CC44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7BEE9F51-CBB9-4359-B946-1EE5EDD8D844}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{82D0581B-3BE6-4438-BCEE-3B4001C2B125}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{89352922-3AE4-4F6C-8020-AA88B9758FE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A4C3F36-9DF0-4806-B2F8-B489CED46A58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F783F9E-B9AD-4EDB-BB3F-EF7E484783AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9B63CF9E-BE89-4628-985D-D3517BFE1594}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A8817B35-B183-44F3-AB23-7592718EAB8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B395F02C-B46C-4EFB-B2F6-B674731650E8}" = rport=139 | protocol=6 | dir=out | app=system | "{B73E5735-8884-4E9D-8329-B6B912396047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA8F9822-63AD-4222-8281-057B283ABDC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50E6BF5-CD6F-494D-9E17-816EEC4B1C39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EADBD2A2-66CC-4121-AB3E-C2DF07B2454F}" = lport=3389 | protocol=6 | dir=in | app=system | "{EFC80117-8BD5-46D7-96D7-F22258C67781}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F51EB8B0-73DF-4C36-845D-49BE09FF396B}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0046D805-077E-4895-8D20-53D7E3E89DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{1A17DD44-9449-48DE-AD13-99298B30454C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{1ADDA5D5-4504-4A07-924F-B22FD3F99BEB}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | "{1BF77DA7-3FFF-412A-9ABA-17D59DD7E5A7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1C3EB954-A245-466C-A632-C5B43D35C414}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | "{235B0CA6-4FC6-4376-B655-906429D01210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{290134E7-8ECC-48C4-9947-F0B660AC463A}" = protocol=17 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | "{32756192-F5C8-4472-AC70-44A27C9A7433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{376FC229-A31C-49BA-90C0-12CAD7689F62}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3AAC0948-9D3E-4A38-A479-2B1934B63D25}" = protocol=6 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | "{3BB376DA-AC9D-4585-B6B2-5E125450AF1F}" = protocol=17 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | "{3F284F9B-1F82-43DA-9F98-9741D91BF789}" = 
protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | "{3F542613-5CAD-4985-A90C-09205376681C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B825FB5-EB95-4012-A690-C5A0E56A62AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4FB3CF77-2E76-4A0B-BF52-F51758E768D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{51166809-2266-4F7E-8370-6FEDCDE367E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{8ab2ac00-afff-4043-83d9-0086528b337f}\setup\hpznui40.exe | "{576EC08B-C2C7-443D-B49E-D305000B4FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5BC021C6-41E1-4D02-86DF-085FA3871129}" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "{61055D3C-4991-40CA-BED8-8B886B00FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{623E52F4-9A50-4325-A7AE-1A022F56FA70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{629E0758-D0C6-435E-9A7F-EDEE88A54CD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{687D68A1-5DC9-4C4C-92E5-262175EC3040}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{72515F6A-1256-45B1-8290-6FC1582B74E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{762AB393-DFDF-4312-85BC-20ACD2792350}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | "{78486C69-E9F2-4AE7-8354-EA83924374CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7D8C14C6-3CF3-416E-B074-397B45964DB5}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{894A81F2-791A-495D-ACD5-2BF3F218CD71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{8A6D8C27-4E77-4F59-B247-309BA6DA719A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{8E27F28C-4058-4F1C-BEF1-0CB29A3D201B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{900D4D64-864B-4DCE-A689-FBC7CBD93EDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{961335C7-EB7C-4A78-8DAC-10F3A1D23603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{9750DB09-E1E0-48A1-85DF-E79DA6792B1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{9BE7AD07-E998-48A6-8498-433FA7B648D9}" = protocol=6 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | "{9E6EB922-A50D-4272-9FB1-884752FC0E69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{AB8023B2-06A1-4DA3-86CC-8CA6A25534CB}" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "{B048577B-4E18-4A1B-A3D4-1CBE60EA1B9D}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | "{B131E0CF-C46A-48DF-9774-FE34E0F164D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B5172A8C-0415-4FFF-8B22-13E6C6E34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{B5AA5FD7-32A1-4683-BEBE-1CAF42405B63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CA0BBA30-A99C-4035-A9FD-751D0FD9F86D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{CB1D72AB-1E1F-4B1D-A9EA-A7E272EE8B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{CD04B681-0979-4E79-8892-E8A30F82E25C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{DDB27D0F-511F-4DA0-9EFC-BC1276C54038}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | "{E6AB08C2-9767-494F-9A7E-4612C67D4BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E79BF45B-78AF-4BB7-BCDF-240656E20311}" = dir=in | app=c:\program files 
(x86)\hp\digital imaging\bin\hpzwiz01.exe | "{ECD7A766-5984-4605-A8ED-EC994A68EC82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | "{EE8FD3E3-C809-485A-988B-FFC01953302A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FB003E39-2290-4D62-8E69-E432A457B7D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "TCP Query User{1F77745D-97D4-41A3-B9A7-6BF781668F34}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | "TCP Query User{E179228E-3B0B-4765-8DB9-4D0A1A06C0BD}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{F3EC6B0E-3DCA-45DC-AA58-6501AC07AA13}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1C4BCED8-B869-4BE4-BA7C-4ABBD70021F4}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | "UDP Query User{3F747353-DFA2-4EAE-AE0A-EA8F076160EA}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{47D1EF0E-C747-44CB-82C9-A631C6C6902A}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 
edition) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (64bit) "{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (64bit) "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series 
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services-Anmeldeassistent "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2DD32D6C-86C2-4C56-9DB8-289E53E16827}" = StarMoney Business 5.0 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto 
Here is the installed software from CCleaner: |
14.06.2012, 09:00 | #4 |
| Encryption trojan Hello, the files were encrypted using a random pattern of upper- and lower-case letters. Regards, Bernd |
14.06.2012, 09:19 | #5 | ||
/// Helper team | Encryption trojan 1. Spybot: uninstall it! 1. Did you deliberately add the following to the Trusted Sites zone?: Quote:
2. Quote:
Code:
:OTL
O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Files
C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe
C:\Users\Bernd.Harbauer\Zkkym
ipconfig /flushdns /c
:Commands
[REBOOT]
3. The only chance of restoring your data: (disconnect the computer from the Internet and the network while doing this!)
-> Restore data with ShadowExplorer
I can only wish you good luck.
► In any case, get back to me and report whether you managed to restore the data.
So that this does not happen again, how do I avoid data loss:
► This shows once again how important it is to take care of regular backups (of important data).
Remember: your main system is not a warehouse! Back up important data regularly, ideally twice, in different places!
- Do not keep external devices (hard disk, USB stick, etc.) permanently connected to the PC; connect them only briefly while you are backing something up.
E-mail attachments
- Do not open e-mail attachments if you do not know the sender!
-> Do not click on e-mails, especially ones with an attachment; have them displayed as text or in the print view instead. As a general rule, configure the mail program this way
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice, in different places! Please pass this warning on wherever you can! |
14.06.2012, 09:46 | #6 |
| Encryption trojan Thanks and best regards Hi, so I can use the laptop again. However, no text document appeared after the restart. When I open ShadowExplorer, only a window appears in which C: is selected, but no data shows up. Regards, Bernd |
14.06.2012, 13:25 | #7 |
/// Helper team | Encryption trojan If the shadow copies were disabled, or the system deleted everything because of low disk space, then unfortunately that will no longer work. Did you watch the video guide on how to do it? ► In what way were the data (personal files such as pictures, documents, music, etc.) encrypted? Can you give an example? Were file extensions added (e.g. "locked- .wxyz"), or does the file name consist of randomly chosen upper- and lower-case letters (e.g. QsEEUTODXNVqyssQ), or something else? Some variants can be decrypted, others unfortunately cannot.
|
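The two renaming schemes the helper asks about in post #7 can be told apart from a plain file listing. The following Python triage helper is an added example, not part of the thread: only the name QsEEUTODXNVqyssQ and the "locked-" / ".wxyz" pattern come from the post, while the thresholds, the four-letter suffix length and the sample paths are assumptions.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Scheme 1 from the post: "locked-" prefix plus an appended extension.
# The four-letter suffix length is an assumption taken from the ".wxyz" sample.
LOCKED_RE = re.compile(r"^locked-.+\.[A-Za-z]{4}$")
# Scheme 2 from the post: letters only, no extension ("QsEEUTODXNVqyssQ").
LETTERS_RE = re.compile(r"^[A-Za-z]+$")

MIN_RANDOM_LEN = 10     # assumption: shorter names are too ambiguous
MIN_CASE_SWITCHES = 3   # assumption: filters out "Makefile"-style names
MIN_HITS = 3            # assumption: a single odd name proves nothing
MIN_SHARE = 0.5         # assumption: at least half of the folder must match


def case_switches(name):
    """Count adjacent character pairs that differ in case."""
    return sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))


def classify_name(name):
    """Return 'locked-prefix', 'random-name' or 'other' for one file name."""
    if LOCKED_RE.match(name):
        return "locked-prefix"
    if (LETTERS_RE.match(name) and len(name) >= MIN_RANDOM_LEN
            and case_switches(name) >= MIN_CASE_SWITCHES):
        return "random-name"
    return "other"


def triage(paths):
    """Group paths by folder and name the dominant renaming scheme per folder."""
    per_dir = defaultdict(Counter)
    for raw in paths:
        p = PureWindowsPath(raw)
        per_dir[str(p.parent)][classify_name(p.name)] += 1
    report = {}
    for folder, counts in per_dir.items():
        total = sum(counts.values())
        verdict = "no pattern"
        for scheme in ("locked-prefix", "random-name"):
            if counts[scheme] >= MIN_HITS and counts[scheme] / total >= MIN_SHARE:
                verdict = scheme
        report[folder] = (verdict, dict(counts))
    return report


# Constructed sample listing; only the first name is quoted from the thread,
# every other path is made up for this example.
SAMPLE = [
    r"C:\Users\demo\Documents\QsEEUTODXNVqyssQ",
    r"C:\Users\demo\Documents\tGhQLpXeoVNdaJrU",
    r"C:\Users\demo\Documents\xJLfsOAqEgyTnDVp",
    r"C:\Users\demo\Documents\desktop.ini",
    r"C:\Users\demo\Pictures\locked-holiday.jpg.wxyz",
    r"C:\Users\demo\Pictures\locked-invoice.pdf.kqrt",
    r"C:\Users\demo\Pictures\locked-notes.txt.abcd",
    r"C:\Users\demo\Tools\Makefile",
    r"C:\Users\demo\Tools\ChangeLog",
    r"C:\Users\demo\Tools\readme.txt",
]

if __name__ == "__main__":
    for folder, (verdict, counts) in sorted(triage(SAMPLE).items()):
        print(f"{folder}: {verdict} {counts}")
```

The verdict is per folder because a single file such as "locked-door.jpeg" would match scheme 1 by accident; knowing which scheme dominates is what decides whether a decryption tool for that variant is worth trying.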