Log analysis and evaluation: Polizei Einheit 5.2

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Polizei Einheit 5.2

Hello everyone, I am new here too, and like quite a few others I have also been hit by the "Polizei Einheit 5.2...", which has paralysed my computer. So far I have read through quite a bit on this topic here on Trojaner-Board and have done everything I was able to... Below is the log from the malware scan: (However, I could not update Malwarebytes, because the virus has of course also taken down the internet connection on the affected computer.) What also puzzles me is this: when I unplug the network cable, and with it the internet connection, and restart the computer, everything works, but as soon as I am connected to the network the "police warning" appears on the desktop again and locks everything...

Code:
```
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rappold :: RAPPOLD-PC [Administrator]

Schutz: Aktiviert

25.07.2012 19:44:22
mbam-log-2012-07-25 (19-44-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222508
Laufzeit: 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$RECYCLE.BIN\S-1-5-21-237604504-4294741733-4283755352-1000\$RJKXC8P.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
```

Code:
```
OTL logfile created on: 25.07.2012 19:01:05 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Rappold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,36% Memory free
4,23 Gb Paging File | 3,99 Gb Available in Paging File | 94,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208,22 Gb Total Space | 90,09 Gb Free Space | 43,27% Space Free | Partition Type: NTFS
Drive D: | 24,65 Gb Total Space | 18,36 Gb Free Space | 74,50% Space Free | Partition Type: FAT32

Computer Name: RAPPOLD-PC | User Name: Rappold | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rappold\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100013
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.03 23:14:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 11:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.13 04:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.11 06:17:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 11:51:25 | 000,000,000 | ---D | M]

[2008.11.14 10:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rappold\AppData\Roaming\mozilla\Extensions
[2012.07.24 18:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions
[2010.07.27 10:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 19:27:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.06.06 12:34:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.27 10:40:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.13 04:28:40 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.07.20 11:26:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com
[2012.05.24 18:07:53 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com
[2011.02.25 20:23:32 | 000,000,881 | ---- | M] () -- C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\searchplugins\conduit.xml
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.15 14:15:16 | 000,000,000 | ---D | M] (Controller) -- C:\Programme\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2010.11.05 12:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 02:32:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.08.17 09:50:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2007.08.27 08:50:31 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010.02.26 11:51:25 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2012.02.15 14:15:16 | 000,000,000 | ---D | M] (Controller) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2007.10.20 00:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.07.24 08:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010.02.22 11:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.11.05 12:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 02:32:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.08.17 09:50:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.20 09:44:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.13 12:50:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.13 12:50:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.13 12:50:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.13 12:50:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.13 12:50:14 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [A1Webassistent] C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe ()
O4 - HKCU..\Run: [attrover] rundll32 ",CreateProcessNotify File not found
O4 - HKCU..\Run: [gntqhqql] "C:\Users\Rappold\AppData\Local\xiqepvlb.exe" File not found
O4 - HKCU..\Run: [mcmpfvuv] "C:\Users\Rappold\AppData\Local\snnodpoh.exe" File not found
O4 - HKCU..\Run: [wbljbdlk] "C:\Users\Rappold\AppData\Local\mtvjwnro.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [xthxhbtf] "C:\Users\Rappold\AppData\Local\trrcdvpi.exe" File not found
O4 - Startup: C:\Users\Rappold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rappold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rappold\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rappold\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87967FC7-7D21-4B00-B80B-7CC90EEA9724}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell - "" = AutoRun
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9ddb37de-a49b-11de-b32e-0019db4f4857}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\setup.exe
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell - "" = AutoRun
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\Rappold\AppData\Roaming\Malwarebytes
[2012.07.25 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 18:17:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.25 18:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.25 18:11:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rappold\Desktop\OTL.exe
[2012.07.25 15:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.07.24 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\Rappold\AppData\Roaming\HPAppData
[2012.07.23 07:26:57 | 000,000,000 | ---D | C] -- C:\Users\Rappold\Documents\Reisekosten_12
[2012.07.11 11:58:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 11:55:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 11:55:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 11:55:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 11:55:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 11:55:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 11:55:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 11:55:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 11:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D561AB000D4D8400695C7C570F1C8B
[2012.07.11 08:51:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.07 20:44:58 | 000,000,000 | ---D | C] -- C:\Users\Rappold\Desktop\Piano_Noten_OCV - Kopie
[1 C:\Users\Rappold\*.tmp files -> C:\Users\Rappold\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.25 18:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 18:54:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 18:51:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 18:50:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 18:49:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:49:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:18:00 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 18:16:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rappold\Desktop\OTL.exe
[2012.07.25 18:12:03 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 18:12:03 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 18:12:03 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 18:12:03 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 15:45:00 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.07.24 14:06:24 | 000,001,875 | ---- | M] () -- C:\Users\Rappold\Desktop\Avira Free Antivirus Profil Vollständige Systemprüfung.LNK
[2012.07.24 11:50:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.23 08:17:32 | 000,002,637 | ---- | M] () -- C:\Users\Rappold\Desktop\Microsoft Office Word 2003.lnk
[2012.07.20 17:19:23 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.07.20 15:30:32 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Rappold.job
[2012.07.12 15:56:44 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 12:50:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 12:50:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 11:45:33 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\vvsxsljh
[2012.07.12 11:25:21 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\cokjpnmo
[2012.07.11 14:15:33 | 000,002,665 | ---- | M] () -- C:\Users\Rappold\Desktop\Microsoft Office Excel 2003.lnk
[2012.07.11 12:05:55 | 000,349,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 11:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs
[2012.07.11 11:27:28 | 000,058,368 | ---- | M] () -- C:\Users\Rappold\AppData\Local\jltxdcsq
[2012.07.04 06:28:54 | 212,908,824 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 14:49:43 | 000,202,240 | ---- | M] () -- C:\Users\Rappold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Rappold\*.tmp files -> C:\Users\Rappold\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.25 18:18:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 15:45:00 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.07.24 14:06:24 | 000,001,875 | ---- | C] () -- C:\Users\Rappold\Desktop\Avira Free Antivirus Profil Vollständige Systemprüfung.LNK
[2012.07.12 11:45:33 | 000,058,880 | ---- | C] () -- C:\Users\Rappold\AppData\Local\vvsxsljh
[2012.07.12 11:25:21 | 000,058,880 | ---- | C] () -- C:\Users\Rappold\AppData\Local\cokjpnmo
[2012.07.11 11:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs
[2012.07.11 11:27:28 | 000,058,368 | ---- | C] () -- C:\Users\Rappold\AppData\Local\jltxdcsq
[2011.01.13 02:02:12 | 000,000,680 | ---- | C] () -- C:\Users\Rappold\AppData\Local\d3d9caps.dat
[2010.11.13 21:44:56 | 006,329,983 | ---- | C] () -- C:\Users\Rappold\Korsika2010.cpr
[2010.08.11 13:09:44 | 000,000,016 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\bawuho.dat
[2010.07.26 08:58:52 | 001,575,711 | ---- | C] () -- C:\Users\Rappold\Haus2.jpg
[2007.06.14 14:00:01 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.02.06 18:34:42 | 000,000,164 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\Default.PLS
[2007.02.06 18:06:51 | 000,000,430 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\wklnhst.dat
[2007.02.05 11:49:40 | 000,202,240 | ---- | C] () -- C:\Users\Rappold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 837 bytes -> C:\Users\Rappold\Documents\AnsprechpartnerKunden_xls.eml:OECustomProperty
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4

< End of report >
```

Code:
ATTFilter OTL Extras logfile created on: 25.07.2012 19:01:05 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Rappold\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,36% Memory free 4,23 Gb Paging File | 3,99 Gb Available in Paging File | 94,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 208,22 Gb Total Space | 90,09 Gb Free Space | 43,27% Space Free | Partition Type: NTFS Drive D: | 24,65 Gb Total Space | 18,36 Gb Free Space | 74,50% Space Free | Partition Type: FAT32 Computer Name: RAPPOLD-PC | User Name: Rappold | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 
0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007B2273-0938-432A-B037-A172A540E6B1}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | "{0598FE62-116E-4B2F-AC4E-EF0D9B70F5F7}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | "{0729A854-539A-4F62-817C-DB4C17D9E100}" = lport=1723 | protocol=6 | dir=in | app=system | "{114B0E23-A4A7-4669-8AF2-A168BA6C1FA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{17579E5A-C56E-421D-9537-3504D9A439C4}" = rport=1701 | protocol=17 | dir=out | app=system | "{206B0080-80EC-4A4E-B433-0D09A6FE5E36}" = rport=1723 | protocol=6 | dir=out | app=system | "{217BD5AE-8BF7-4098-8CA3-D0CF8B3EBE95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{3DD6984B-AAD0-4570-82BD-D473EA1F6F74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{5DD82C47-3622-464B-9BF0-E72AC58BE3AE}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{71E99DB6-7C62-40F4-9D0C-6C7B53AB72FD}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe | "{857669A1-FAD6-45C6-89D9-C6189D66CE80}" = lport=445 | protocol=6 | dir=in | app=system | "{ADA11892-8340-4515-B201-7B6773B35E4F}" = lport=1701 | protocol=17 | dir=in | app=system | "{B7271842-9032-4B73-B0AD-3043ECC0E1A3}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | "{C3951814-4662-495A-9018-2AE3E45DEAC5}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
"{D021D208-CA7C-4284-B3FC-4C4F788ED742}" = lport=445 | protocol=6 | dir=in | app=system | "{DCDB7D85-49F4-40F7-B33A-CD0C0A357805}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{EE74E8A4-69DD-4638-BA71-39D9FF3D2BD0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{FE208D57-EFAD-4E65-8159-378A9AA00ACC}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03FB4676-3B0D-4ACE-AC2B-B95BA4BA0C50}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe | "{067AABF1-CBC1-4AFB-85A7-51FA3F5B52FC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{06E14608-1F55-4042-975E-6CBA946571AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{08471D31-E9EA-44CE-9511-3424B45DAFD0}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | "{09D84462-5DD1-44C7-895F-A03734BD6641}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{0AF46490-7706-4BC0-B8B5-564F29CE4244}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0B19029E-5D7C-4A97-A89A-7FF4F3BA1A4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{101CE93D-A9EA-4C82-9E0B-96C25BB77FBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{11BA8E68-7FCA-470A-A900-0AB9CC7125FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{1EE9DFF0-8E9C-4612-8E50-349778AC468B}" = protocol=17 | dir=in | app=c:\users\rappold\appdata\roaming\dropbox\bin\dropbox.exe | "{2CB05F5E-6217-4CBA-9AD0-FF588BA9F395}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{2D30E9ED-F0DF-474E-8F54-13CD973E4971}" = protocol=17 | dir=in | app=c:\program files\a1\a1 
webassistent\a1modemkonfigurator.exe | "{2EF19F9E-2403-4B64-9FF3-95F92A1BE288}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | "{4726C0EF-0234-4849-BDBA-8300BA0CC594}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{48B6A5FC-7F12-4D58-B8F2-E23423F873B2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{48C0B694-2D38-4C61-B376-6C0D34D11E27}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{4965524A-6714-4B4D-8976-CC664FAC9687}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{4E26E4C9-8D90-47C9-9057-C47729A9B2AF}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | "{51F9505F-EDB0-49CE-A7B3-0885A2CC2399}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5CD4D8BE-8D0C-42A2-8518-B5E8A6F198A4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{693480CC-7572-4E3F-819B-EB1E8641399B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{6D60B3A0-2ACA-4A33-B90C-E8037EAA3F5C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6E0C442C-C5F2-42E9-A8CF-6EE1510ECA12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{71067FAA-26ED-40D8-9D3E-94249DDEF2C5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{712427EE-5549-4F3F-8395-34EE35D96228}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | "{7B94D8F3-AAA2-4C3C-BD99-6A272D0BFD03}" = protocol=6 | dir=in | app=c:\users\rappold\appdata\roaming\dropbox\bin\dropbox.exe | "{8614985D-5166-43EB-8E5D-9D71F7369FA2}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe | "{8BF4CF79-0A78-47EE-8A83-E6F5E717CB61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{95D302B1-47F2-4873-BD63-96F4EC0673BE}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | "{9CF2687D-9389-4C05-8B8E-D6D43F5C3AC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{AAC67D0A-167A-45CD-B772-727132C59EDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{AB7028C3-F7F6-4B4B-93EE-F3D7AAF4F85B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{ABBAE1E0-A0DA-43E5-9ECD-49FD819BA091}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | "{B0656D20-7A2D-4B1F-AEF8-922BEAA394E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{B120270F-2284-490C-BAF0-FFCE1A738DAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BE00B9D5-7CC1-4F72-9674-11753D0EFB13}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{BEEDF3DE-CF63-4C40-81C0-B8F4935C46EB}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe | "{C1D717FB-292C-476E-A1A3-34F714839226}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{C3E4E0D7-02EC-4710-B1AD-7CD83457090D}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe | "{C96C99BE-A0C6-4A6E-8278-760C1E03D19B}" = protocol=6 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe | "{CA611568-E348-492A-9FA2-BF8269601DFA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{E1E6FFD0-9486-4AAC-B6CE-42A60A67F1FD}" = protocol=17 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe | "{E5D15520-D4E8-499C-AD63-7A7FC56C5B2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{EFC7AC7A-A929-45AD-86B5-FFC2B2F6712F}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1modemkonfigurator.exe | "{F0361729-DE89-4D0B-9551-550DF93A1620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{FD383A6C-5CF6-4FAC-94FB-1A48E8A665A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FF6F7C69-A5B1-42E4-ABD2-B16FA8EDE7FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "TCP Query User{16A7CFD9-2632-4F51-A640-0FA956BAE3C4}C:\program files\a1\a1 webassistent\a1webassistent.exe" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | "TCP Query User{1830C9BE-34B2-4C29-981E-5094C39CFB41}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{7D5A9FFC-9155-4430-BA3E-8A0F7F08BEEA}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{90E78FC0-EBA4-4C96-918F-9B36C9E7FEE3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B2AA0148-1D2D-4EFB-B414-5DC9D34F3CE0}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | "TCP Query User{C70C3F08-029C-494B-A06E-44E2CB98E207}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{0ABBC0FE-51E6-402C-85EC-0DCAC1656FFA}C:\program files\a1\a1 webassistent\a1webassistent.exe" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | "UDP Query User{1F648DB1-86EB-4362-B156-79A289022597}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{28A54238-823F-44F9-8D08-9FCF7F59E70D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3FC1FC7D-A477-409C-A2DB-1ADD9E18A752}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP 
Query User{633A4223-A2F9-44F5-B7BF-B0B19926E751}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | "UDP Query User{D81FB8DD-5EBC-47C9-8E46-524E6F9110D3}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19a5dd5e-9675-41ef-b02a-5bdb53fb5557}" = C309a "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{291A06BB-7145-443F-9257-8913A928BD40}" = A1 Webassistent "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2D250E57-9890-44a6-B08F-5C02C991EF24}" = HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = 
Macromedia Flash MX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4366F05B-950A-4698-863C-93B8C7671031}" = Nero 7 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10 "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX "{976623F9-9CDD-498a-BC67-1C35A5A547BA}" = hp_pbk_everyday_nature_classic01 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 
3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{d3c33f97-7936-4301-815f-2cf4ea5a467f}" = PS_AIO_05_C309_Software_Min "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "8781-9705-0578-2960" = Medienmanager 1.3.0 "A1 Internet Software" = A1 Internet Software "A1 Servicecenter" = A1 Servicecenter "A1 Webassistent" = A1 Webassistent "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "BIPA FotoShop" = BIPA FotoShop "BitTorrent" = BitTorrent "conduitEngine" = Conduit Engine "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EPSON Printer and Utilities" = EPSON-Drucker-Software "Finale 2007" = Finale 2007 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner 
version 1.4.7 "Free Studio_is1" = Free Studio version 5.5.0 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "GridinSoft Trojan Killer" = Trojan Killer "Guitar Pro 5_is1" = Guitar Pro 5.0 "HOFER Bestellclient" = HOFER Bestellclient 4.6 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "HPOCR" = OCR Software by I.R.I.S. 12.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15) "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "OnlineFotoservice" = OnlineFotoservice "PokerStars.net" = PokerStars.net "ProSaldoFaBu_is1" = ProSaldo Fahrtenbuch "Shop for HP Supplies" = Shop for HP Supplies "Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01 "TeamViewer 5" = TeamViewer 5 "Transcribe!_is1" = Transcribe! 
8.10 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = WinRAR 4.10 (32-Bit) "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.09.2011 09:41:43 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100 Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0 too short Error - 19.09.2011 09:41:43 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100 Description = WSARecvMsg failed (10038) Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15703 Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15703 Error - 23.09.2011 06:46:32 | Computer Name = Rappold-PC | Source = Windows Search Service | ID = 3013 Description = Error - 23.09.2011 06:46:32 | Computer Name = Rappold-PC | Source = Windows Search Service | ID = 3013 Description = Error - 23.09.2011 12:06:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.09.2011 12:06:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.09.2011 00:32:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.09.2011 00:32:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 
04.05.2007 09:22:15 | Computer Name = Rappold-PC | Source = ehSched | ID = 5 Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005 Error - 14.10.2007 06:09:29 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3 Description = Error - 14.10.2007 07:08:49 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3 Description = Error - 14.10.2007 07:52:51 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3 Description = Error - 07.11.2007 07:40:00 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3 Description = Error - 15.04.2008 23:22:02 | Computer Name = Rappold-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 17.04.2008 22:08:05 | Computer Name = Rappold-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7026 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:46 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.07.2012 12:59:56 | Computer Name = Rappold-PC | Source = DCOM | ID = 10005 Description = Error - 25.07.2012 
13:00:16 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001 Description = < End of report >

MANY THANKS to you all in advance for your great site, and I hope you can help me too. Regards, PagOcv