| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner auf xpWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.10.2012, 19:26
| #3 |
| |  GVU Trojaner auf xp Hallo t'john,
__________________Danke für Deine Anweisungen, die ich befolgt habe. Malewarebyte habe ich aktualisiert und einen vollständigen Scan durchgeführt. Und siehe da: es gab nun 2 Meldungen! Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.07.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Hartmann :: HARTMANN-65F68F [administrator] 07.10.2012 16:45:49 mbam-log-2012-10-07 (16-45-49).txt Scan type: Full scan (C:\|D:\|E:\|F:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 405640 Time elapsed: 2 hour(s), 48 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe,C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\msconfig.dat -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temp\m34j0ylqcc6wy77l.exe (Trojan.Zbot) -> Quarantined and deleted successfully. (end) OTL habe ich durchgeführt die beiden Files folgend:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.10.2012 20:09:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hartmann\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,91% Memory free
4,84 Gb Paging File | 3,86 Gb Available in Paging File | 79,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4606 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 414,88 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 11,05 Gb Free Space | 56,59% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 176,44 Gb Free Space | 90,34% Space Free | Partition Type: NTFS
Drive F: | 250,91 Gb Total Space | 210,87 Gb Free Space | 84,04% Space Free | Partition Type: NTFS
Computer Name: HARTMANN-65F68F | User Name: Hartmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Hartmann\Eigene Dateien\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - F:\Spiele\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - F:\Spiele\hamachi-2.exe (LogMeIn Inc.)
PRC - F:\Spiele\MountandBlade\steam.exe (Valve Corporation)
PRC - C:\Programme\Norton 360\Engine\6.3.0.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - C:\Programme\HP\HP UT\bin\hppusg.exe ()
PRC - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\1&1\Stcenter.exe (AVM Berlin)
PRC - C:\Programme\1&1\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\1&1\FwebProt.exe (AVM Berlin)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
========== Modules (No Company Name) ==========
MOD - F:\Spiele\MountandBlade\bin\libcef.dll ()
MOD - F:\Spiele\MountandBlade\bin\avcodec-53.dll ()
MOD - F:\Spiele\MountandBlade\bin\chromehtml.dll ()
MOD - F:\Spiele\MountandBlade\bin\avformat-53.dll ()
MOD - F:\Spiele\MountandBlade\bin\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
MOD - C:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll ()
MOD - C:\Programme\Vtune\TBPANEL.exe ()
MOD - C:\Programme\HP\HP UT\bin\hppusg.exe ()
MOD - C:\Programme\HP\HP UT\bin\HPToolkit.dll ()
MOD - C:\Programme\HP\HP UT\bin\HPUsageTracking.dll ()
MOD - C:\Programme\HP\HP UT\bin\Enumeration.dll ()
MOD - C:\Programme\HP\HP UT\bin\HPTools.dll ()
MOD - C:\Programme\HP\HP UT\bin\HPStreamsInterface.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\HPFaxUtilities.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\Alerts.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\HPAppTools.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\HPToolkit.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\AppConstants.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\Enumeration.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\HPStreamsInterface.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\HPTools.dll ()
MOD - C:\Programme\HP\ToolboxFX\bin\NativeUtils.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
MOD - C:\Programme\Vtune\TBMANAGE.DLL ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Hamachi2Svc) -- F:\Spiele\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Programme\Norton 360\Engine\6.3.0.14\ccSvcHst.exe (Symantec Corporation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe (SiSoftware)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IGDCTRL) -- C:\Programme\1&1\IGDCTRL.EXE (AVM Berlin)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- File not found
DRV - (Changer) -- File not found
DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121006.007\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121006.007\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121005.002\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symefa.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symtdi.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\ironx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0603000.00E\symds.sys (Symantec Corporation)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x86\sandra.sys (SiSoftware)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (HPFXFAX) -- C:\WINDOWS\system32\drivers\hpfxfax.sys (Hewlett Packard)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (TBPanel) -- C:\windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/howfytdl/{DC5D5B8A-D8B6-45BC-8090-5C8DD553C7E2}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://go.1und1.de/links/home
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\FYTDL DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes,DefaultScope = {7ED25F27-A990-4BED-9603-8DB5255A080B}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{0E7CCA25-45E3-47C5-812E-AC2C60509B48}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{49BFBB3D-1528-4140-8B05-4ECC02A63597}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}: "URL" = hxxp://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-401-0-...
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{7EB13F5E-4758-44BE-BDF8-622AE3ECA5A4}: "URL" = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=827316&ilc=12&p={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{7ED25F27-A990-4BED-9603-8DB5255A080B}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/howfytdl/{DC5D5B8A-D8B6-45BC-8090-5C8DD553C7E2}?q={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{E6022822-EBE0-4A7A-AD86-25B659F31B4B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ333YYDE&apn_uid=D73FC721-97C9-4523-B6FE-DB09E767EC16&apn_sauid=E3FFE3E6-8BAA-4AFB-BD6E-74042C05FBDB&
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
IE - HKU\S-1-5-21-842925246-412668190-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 21:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.04.13 12:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.10.07 20:02:30 | 000,000,000 | ---D | M]
[2012.03.11 13:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions
[2012.03.11 13:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
========== Chrome ==========
CHR - homepage: hxxp://home.sweetim.com/?barid={38547E72-782E-477E-A9F0-901D7D14B020}
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={38547E72-782E-477E-A9F0-901D7D14B020}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?barid={38547E72-782E-477E-A9F0-901D7D14B020}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.79\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: Norton Identity Protection = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Complitly\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.3.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\tbFree.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\FYTDL DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (FYTDL DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\FYTDL DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (FYTDL DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\FYTDL DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.3.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] E:\Programme\4Story\PrePatch.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPPQVideo] "C:\Programme\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Spiele\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-842925246-412668190-1801674531-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-842925246-412668190-1801674531-1004..\Run: [Steam] F:\Spiele\MountandBlade\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-842925246-412668190-1801674531-1004..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Hartmann\Startmenü\Programme\Autostart\DSL Protect.lnk = C:\Programme\1&1\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Hartmann\Startmenü\Programme\Autostart\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\1&1\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-842925246-412668190-1801674531-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266162571937 (WUWebControl Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://217.91.159.84:5050/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCAAA047-7738-4994-895C-5F2563E8E258}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.18 21:24:46 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.07 16:44:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Malwarebytes
[2012.10.07 10:22:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.07 10:22:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.07 10:22:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.10.07 10:22:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.07 10:22:04 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Programme\mbam-setup-1.65.0.1400.exe
[2011.07.13 21:33:52 | 025,842,736 | ---- | C] (Microsoft Corporation) -- C:\Programme\wmp11-windowsxp-x86-DE-DE.exe
[2011.04.22 18:44:32 | 016,235,615 | ---- | C] (HOW Inc. ) -- C:\Programme\FreeYouTubeDownloaderSetup.exe
[2011.02.03 17:42:58 | 012,734,632 | ---- | C] (ICQ) -- C:\Programme\install_icq7.exe
[2011.01.23 18:16:07 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Programme\FreeYouTubeToMP3Converter32.exe
[2011.01.07 22:25:00 | 528,345,360 | ---- | C] (Nadeo ) -- C:\Programme\TmNationsForever_Setup.exe
[2011.01.07 22:13:31 | 001,474,048 | ---- | C] (Irfan Skiljan) -- C:\Programme\irfanview428_setup.exe
[2011.01.07 13:53:56 | 055,843,328 | ---- | C] (SiSoftware ) -- C:\Programme\san2011-1730-BQR.exe
[2011.01.07 13:37:22 | 017,174,968 | ---- | C] (pdfforge GbR) -- C:\Programme\PDFCreator-1_1_0_setup.exe
[2011.01.07 13:34:02 | 002,107,888 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup302_slim.exe
[2010.02.14 23:20:41 | 001,626,624 | ---- | C] (Irfan Skiljan) -- C:\Programme\iview425g_setup.exe
[2010.02.14 14:14:13 | 000,403,216 | ---- | C] (Symantec Corporation) -- C:\Programme\Norton_Download_Manager.exe
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.07 20:03:04 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2012.10.07 20:02:01 | 000,206,492 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2012.10.07 20:01:58 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 20:01:58 | 000,000,262 | ---- | M] () -- C:\windows\tasks\RegistryBooster.job
[2012.10.07 20:01:48 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.10.07 19:58:01 | 000,000,232 | ---- | M] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2012.10.07 19:15:01 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 11:41:01 | 000,013,688 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.10.07 11:07:24 | 000,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2012.10.07 10:25:53 | 000,001,875 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MSN Installer.lnk
[2012.10.07 10:22:31 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 10:08:54 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Programme\mbam-setup-1.65.0.1400.exe
[2012.10.06 23:45:35 | 000,000,047 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\msconfig.ini
[2012.10.05 18:46:30 | 000,000,604 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\FRITZ!Box.url
[2012.10.03 11:21:59 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.03 09:07:27 | 000,009,103 | ---- | M] () -- C:\windows\System32\drivers\N360\0603000.00E\VT20121002.018
[2012.10.02 22:46:27 | 000,003,644 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Ergebnisse 4. Spieltag D-Junioren Kreisligen Kreis Karlsruhe (bfv-D-Junioren Kreisliga Kreis Karlsruhe, D-Junioren) - Spieljahr 12-13 Baden bei FUSSBALL.DE.url
[2012.10.02 18:11:07 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Microsoft Office Word 2007.lnk
[2012.09.29 11:39:10 | 000,000,249 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\BBW, Beamtenbund Baden-Württemberg, BBW-Magazin.url
[2012.09.26 12:52:07 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\N360\0604000.009\isolate.ini
[2012.09.26 07:18:04 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.09.23 21:47:28 | 000,000,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\LEO Deutsch-Englisches Wörterbuch.url
[2012.09.22 12:50:48 | 000,001,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Gebrauchtwagen Volkswagen, Passat, Variant 1.6 TDI Highline BMT Leder, Diesel, € 22.430,- AutoScout24 Detailansicht.url
[2012.09.22 09:19:49 | 000,594,024 | ---- | M] () -- C:\windows\System32\drivers\N360\0603000.00E\Cat.DB
[2012.09.16 21:26:46 | 000,000,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\LEO Deutsch-Französisches Wörterbuch.url
[2012.09.12 15:06:16 | 000,002,123 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk
[2012.09.12 13:32:33 | 000,492,742 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.09.12 13:32:33 | 000,473,038 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.09.12 13:32:33 | 000,091,000 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.09.12 13:32:33 | 000,076,132 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.09.12 13:14:04 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.07 10:25:53 | 000,001,875 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MSN Installer.lnk
[2012.10.07 10:22:31 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.06 22:16:32 | 000,000,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\msconfig.ini
[2012.10.02 22:46:27 | 000,003,644 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Ergebnisse 4. Spieltag D-Junioren Kreisligen Kreis Karlsruhe (bfv-D-Junioren Kreisliga Kreis Karlsruhe, D-Junioren) - Spieljahr 12-13 Baden bei FUSSBALL.DE.url
[2012.09.29 11:39:10 | 000,000,249 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\BBW, Beamtenbund Baden-Württemberg, BBW-Magazin.url
[2012.09.22 12:50:48 | 000,001,741 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Desktop\Gebrauchtwagen Volkswagen, Passat, Variant 1.6 TDI Highline BMT Leder, Diesel, € 22.430,- AutoScout24 Detailansicht.url
[2012.07.05 22:59:12 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pqtpcncfbotxyda
[2012.02.16 07:57:56 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2011.12.21 20:46:46 | 000,037,336 | ---- | C] () -- C:\windows\System32\CleanMFT32.exe
[2011.07.23 19:44:30 | 001,008,736 | ---- | C] () -- C:\Programme\AmazonMP3Installer-de_DE.exe
[2011.07.13 21:27:41 | 021,005,599 | ---- | C] () -- C:\Programme\vlc-1.1.10-win32.exe
[2011.02.09 21:06:33 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011.02.06 13:31:02 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011.01.07 14:08:14 | 010,969,088 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.01.07 14:07:06 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.01.07 14:03:50 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011.01.07 13:47:33 | 004,562,945 | ---- | C] () -- C:\Programme\YouTubeDownloaderSetup264.exe
[2011.01.07 13:45:45 | 016,245,112 | ---- | C] () -- C:\Programme\Zattoo-4.0.5.exe
[2011.01.07 13:39:23 | 014,030,096 | ---- | C] () -- C:\Programme\GoogleEarthWin601.exe
[2010.10.28 19:09:54 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.10.27 13:19:40 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.25 14:51:53 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\$_hpcst$.hpc
[2010.02.23 18:11:53 | 000,040,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.14 23:27:06 | 018,499,623 | ---- | C] () -- C:\Programme\vlc-1.0.5-win32.exe
========== ZeroAccess Check ==========
[2010.02.15 11:46:07 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.12.22 07:07:57 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
< End of report >
Jetzt die Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.10.2012 20:09:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hartmann\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,91% Memory free
4,84 Gb Paging File | 3,86 Gb Available in Paging File | 79,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4606 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 414,88 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 11,05 Gb Free Space | 56,59% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 176,44 Gb Free Space | 90,34% Space Free | Partition Type: NTFS
Drive F: | 250,91 Gb Total Space | 210,87 Gb Free Space | 84,04% Space Free | Partition Type: NTFS
Computer Name: HARTMANN-65F68F | User Name: Hartmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-842925246-412668190-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\1&1\IGDCTRL.EXE" = C:\Programme\1&1\IGDCTRL.EXE:*:Enabled:FRITZ!Box starter - igdctrl.exe -- (AVM Berlin)
"C:\Programme\1&1\FBoxUpd.exe" = C:\Programme\1&1\FBoxUpd.exe:*:Enabled:FRITZ!Box starter - fboxupd.exe -- (AVM Berlin)
"C:\Programme\1&1\WebwaIgd.exe" = C:\Programme\1&1\WebwaIgd.exe:*:Enabled:FRITZ!Box starter - webwaigd.exe -- (AVM Berlin)
"H:\fsetup.exe" = H:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfsu_cm1312.exe" = C:\Programme\HP\HP Color LaserJet CM1312 MFP Series\hppfsu_cm1312.exe:*:Enabled:HP Networked Printer Installer -- ()
"F:\Spiele\StrongholdLegends.exe" = F:\Spiele\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\SweetImSetup.exe" = C:\Programme\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6A3WOEZG\Facemoods[1].exe" = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6A3WOEZG\Facemoods[1].exe:*:Enabled:InstallCore™
"F:\Spiele\MountandBlade\Steam.exe" = F:\Spiele\MountandBlade\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\Spiele\MountandBlade\SteamApps\common\mount & blade with fire and sword\mb_wfas.exe" = F:\Spiele\MountandBlade\SteamApps\common\mount & blade with fire and sword\mb_wfas.exe:*:Enabled:Mount & Blade: With Fire and Sword -- ( Taleworlds Entertainment)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A96B1A9-3D8B-4E41-ADB8-8CACCD14CA14}" = Dino Island
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E4CA5B-3829-4C61-9A9C-E4729C96C133}" = hppscanCM1312
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 30
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3865D924-89FD-4D9B-A276-5938A397FFC4}" = hppFaxUtilityCM1312
"{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4020558F-6186-4A9B-BE59-B1D190D4E368}" = Wildlife Park 2 Platinum
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D106AEC-ED45-4F6E-BD99-C88C8E75857F}" = hppManualsCM1312
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{545C0721-295B-498B-B306-FBAFE01FC319}" = hppSendFaxCM1312
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D70B0D8-63D0-4D88-A0DF-97818C4595B1}" = hppCLJCM1312
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75DEC63E-92C6-403C-ABDF-8AEFEC61C704}" = hppFaxDrvCM1312
"{766D1E50-816B-417A-B8F7-3BC0B4A1913D}" = hppPQVideoCM1312
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 3.1
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A651EC5E-A4FB-4AA6-B542-3F7ECB08D119}" = hppScanToCM1312
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.115
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2390904-74BD-48AA-B2CC-6612F8D46379}" = GameShadow
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95350D0-DA64-468E-9DD0-308C78409538}" = hppTLBXFXCM1312
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011c
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{E92BCB17-FD2B-4AE3-882D-7C91B382AA66}" = hpzTLBXFX
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7F7FE98-9D77-449B-A4EB-6F527AD1CCB4}" = hppusgCM1312
"{FD2E172E-1937-488C-8AA2-AC4E623689CF}" = Rescue Helicopter
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CCleaner" = CCleaner
"Complitly_is1" = Complitly
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Freeware.de Toolbar" = Freeware.de Toolbar
"FYTDL DB Toolbar" = FYTDL DB Toolbar
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mount&Blade" = Mount&Blade
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sesam Decouvertes 4" = Sesam Découvertes 4 deinstallieren
"Sesam Decouvertes 4 - vTB90" = Sesam Découvertes 4 deinstallieren
"Sesam Decouvertes Cadet 2 - vTB86" = Sesam Découvertes Cadet 2 deinstallieren
"Sesam Decouvertes Cadet 2 - vTB90" = Sesam Découvertes Cadet 2 deinstallieren
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 48720" = Mount & Blade: With Fire and Sword
"TmNationsForever_is1" = TmNationsForever
"U-Boote: Schlacht im Mittelmeer" = U-Boote: Schlacht im Mittelmeer
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"Vtune_is1" = Vtune 7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.09.2012 12:20:45 | Computer Name = HARTMANN-65F68F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.09.2012 12:20:45 | Computer Name = HARTMANN-65F68F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 28.09.2012 09:17:04 | Computer Name = HARTMANN-65F68F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 28.09.2012 09:18:50 | Computer Name = HARTMANN-65F68F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01.10.2012 13:13:50 | Computer Name = HARTMANN-65F68F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.10.2012 04:03:55 | Computer Name = HARTMANN-65F68F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 07.10.2012 04:04:42 | Computer Name = HARTMANN-65F68F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 07.10.2012 04:05:07 | Computer Name = HARTMANN-65F68F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 07.10.2012 04:05:07 | Computer Name = HARTMANN-65F68F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
Error - 07.10.2012 04:05:07 | Computer Name = HARTMANN-65F68F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
[ OSession Events ]
Error - 16.03.2011 15:15:42 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19432
seconds with 480 seconds of active time. This session ended with a crash.
Error - 13.06.2011 17:22:13 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1690
seconds with 0 seconds of active time. This session ended with a crash.
Error - 03.12.2011 20:25:50 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30712
seconds with 3060 seconds of active time. This session ended with a crash.
Error - 02.02.2012 17:36:47 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22617
seconds with 2820 seconds of active time. This session ended with a crash.
Error - 23.02.2012 12:23:39 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 12814 seconds with 240 seconds of active time. This session ended with a
crash.
Error - 17.06.2012 09:07:46 | Computer Name = HARTMANN-65F68F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14618
seconds with 3480 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.10.2012 04:22:36 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 07.10.2012 04:28:13 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "wuauserv"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 07.10.2012 04:38:16 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 07.10.2012 04:38:16 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 07.10.2012 04:38:42 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 07.10.2012 04:39:38 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 07.10.2012 04:39:50 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 07.10.2012 05:10:58 | Computer Name = HARTMANN-65F68F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07.10.2012 05:15:29 | Computer Name = HARTMANN-65F68F | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 07.10.2012 14:04:09 | Computer Name = HARTMANN-65F68F | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
< End of report >
Das ist jede Menge Lesestoff!!! Grüße http://www.trojaner-board.de/images/smilies/crazy.gif Joni |
| Themen zu GVU Trojaner auf xp |
| anleitung, anti, anti maleware, anti-malware, autostart, betrug, dateien, ergebnis, euro, explorer, folge, gelöscht, gvu trojaner, infizierte, internet, neu, programm, quarantäne, rechner, schreibfehler, seite, service pack 3, speicher, system, trojan.agent, trojaner, version, weißer bildschirm |
Baum-Darstellung