
Log analysis and evaluation: Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57'


 
19.10.2012, 17:43   #1
Doeni

Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57'



Hello!

On Tuesday and Wednesday evening Avira found the following viruses and put them in quarantine.
Since then everything has been quiet again.



Here are the events from Avira:

Code:
 
Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:01
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:02:38
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 56c7602a.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e504fb5.qua' verschoben!

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:13:31
Die Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55446519.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dd34b46.qua' verschoben!


Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:03:22
In der Datei 'C:\Users\Doeni\sudbyzquxqus.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:11:28
Die Datei 'C:\Users\Doeni\sudbyzquxqus.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55695576.qua erstellt ( QUARANTÄNE ).
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3374835662-2939492500-1884947871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sudbyzquxqus> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dfe7a91.qua' verschoben!


Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:31:50
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 21:01:04
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ba191.qua' verschoben!

I used defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:56 on 19/10/2012 (Doeni)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Here is OTL.txt:

Code:
OTL logfile created on: 19.10.2012 16:04:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free
4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
 
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.19 16:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doeni\Downloads\OTL.exe
PRC - [2012.08.09 10:25:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2010.12.30 00:14:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 05:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 09:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.04.29 16:47:47 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.10.18 13:33:48 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FE 70 16 64 8F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: P:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: P:\codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: P:\codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: P:\Nokia PC Suite 7\bkmrksync\ [2009.10.28 20:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: P:\Mozilla Sunbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: P:\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: P:\thunderbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: P:\thunderbird\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
 
[2009.01.16 13:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Extensions
[2012.10.18 21:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions
[2011.06.25 16:46:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.06.25 16:46:09 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011.05.19 21:40:38 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.04.01 22:40:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\moveplayer@movenetworks.com
[2009.01.16 13:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\toolbar_extras@de.yahoo.com
[2009.12.02 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Sunbird\Profiles\33a9gc06.default\extensions
[2010.10.20 13:24:24 | 000,002,895 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\blackle.xml
[2012.03.13 22:37:03 | 000,002,289 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\ecosia.xml
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.16 13:25:33 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.11.23 15:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.04 23:36:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 23:36:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.04 23:36:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.04 23:36:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.04 23:36:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 9
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C445E5-65D2-42D3-A32A-7C08AAEC225D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f3c8173c-f2cc-11de-9feb-001d924d5491}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell - "" = AutoRun
O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.19 16:01:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:01:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.19 16:01:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.19 16:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.19 15:57:17 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.19 15:57:01 | 000,000,020 | ---- | M] () -- C:\Users\Doeni\defogger_reenable
[2012.10.19 15:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.19 15:31:12 | 001,745,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.15 14:39:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.12 17:47:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 17:47:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 17:47:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 17:47:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.12 17:44:12 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.10.01 19:54:37 | 000,105,472 | ---- | M] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.19 15:56:38 | 000,000,020 | ---- | C] () -- C:\Users\Doeni\defogger_reenable
[2012.06.14 19:52:18 | 000,072,220 | ---- | C] () -- C:\Users\Doeni\ESt2011_Kölzer_Sarah.elfo
[2011.10.20 21:59:30 | 000,007,596 | ---- | C] () -- C:\Users\Doeni\ESt2010_Kölzer_Sarah.elfo
[2011.09.17 12:39:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.08.05 18:32:35 | 000,000,680 | RHS- | C] () -- C:\Users\Doeni\ntuser.pol
[2010.03.15 17:54:31 | 000,004,096 | -H-- | C] () -- C:\Users\Doeni\AppData\Local\keyfile3.drm
[2009.05.25 18:20:02 | 000,110,241 | ---- | C] () -- C:\Users\Doeni\AppData\Roaming\mdbu.bin
[2009.02.14 03:10:39 | 000,000,680 | ---- | C] () -- C:\Users\Doeni\AppData\Local\d3d9caps.dat
[2009.01.16 13:41:43 | 000,105,472 | ---- | C] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.03.28 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\46developments
[2011.11.01 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Aegisub
[2012.02.10 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Audacity
[2012.06.24 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Azureus
[2010.11.04 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Canon
[2012.06.07 10:07:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Dropbox
[2011.10.20 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\elsterformular
[2009.03.17 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\FreeDoko
[2011.01.08 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\GARMIN
[2009.07.14 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ICQ
[2009.10.28 19:59:36 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Jumping Bytes
[2011.11.01 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\mkvtoolnix
[2009.10.29 10:37:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Mobile Master
[2009.10.29 11:08:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Nokia
[2010.03.29 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Notepad++
[2009.10.28 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\PC Suite
[2010.10.28 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ProtectDisc
[2011.09.17 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Spyware Terminator
[2010.07.25 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\streamripper
[2010.07.25 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TheLastRipper
[2009.01.27 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Thunderbird
[2009.02.10 02:10:36 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TuneUp Software
[2011.11.01 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         

and Extra.txt:

Code:
OTL Extras logfile created on: 19.10.2012 16:04:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free
4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
 
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "P:\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- P:\vlc\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "P:\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- P:\vlc\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "P:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01153A24-E918-4E76-85F1-DA089DE2700B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0F630F58-73F5-4317-9DD5-B747E596B450}" = rport=139 | protocol=6 | dir=out | app=system | 
"{127BC208-63BB-4790-813E-385B85468031}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2DA088D6-6E82-427F-8E71-11D14F79F906}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{365338D6-A429-4CAC-ACCA-F2C38164422B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{37BEABEA-BF8E-4893-A9C1-5292687EFCD6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DEA498CE-671F-4696-A0FC-D0511B1342ED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F28BFD8B-FBCB-436C-9A6C-87CF18F86243}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F37F1FD3-3092-48AA-9A82-CBA23A371172}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F5830B5B-0AFC-4498-A552-0A100CF4526A}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026C734E-CF8A-403D-B743-DDB1E715AC7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0E455403-DCFF-4D9B-A476-C5F9196D173A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0EFAEF96-5CC3-4310-853A-DDB9EA65876D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{13293FB0-B922-454D-B475-081D277D940D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{1DFA0C8E-4C75-4486-B81C-5972EFEEF30D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{29BD3B11-DF3C-4F5A-A9D3-C7DE66C2D69B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2A344B9B-9DFD-4743-B28D-0AADCCDD206E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{36EAF98E-6D41-4021-93F1-79DD0E1A4073}" = dir=in | app=p:\skype\phone\skype.exe | 
"{482FCC81-93EC-4533-891A-F1E3A8CE2E49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{4D0B9CE7-28A9-46AA-A075-3612AAAF4B21}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{5979AE78-5927-4D95-BC9D-6CE407CB0A62}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{783A4E31-39D0-4AEF-B26F-D7F80F8DBD07}" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8694CC1A-7094-455F-8D74-60993720A3EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9A4E29B6-2634-4A1C-84A5-249C056E7429}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9A82747F-2D44-4B02-85C9-0942F90B4A68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{9BA2EB8A-76B2-4592-A958-5F912A04A392}" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A459FEF5-3F2F-4504-99BB-EE075145F082}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC8F84FF-7627-4ED9-9043-927012C88E22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{AE1A01CB-F950-46D3-BDB6-06F92E1EAD9E}" = dir=in | app=p:\itunes\itunes.exe | 
"{B01EEAB2-BCCD-4C6A-A281-D662326D0CDA}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{B2151D44-818B-4519-840A-7A6952196E4A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B957DD37-DAF6-45ED-BC81-BF4E6DA46545}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{C348F6DE-F9E3-4EC0-A096-FF2715399F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4AFC8A8-6973-4A4D-9B3E-FE7BD2B9546A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C8C496F7-FB22-4E46-951F-A7AC1D6E53F8}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{DA6E82A5-C8B1-4201-A89A-E3594DB0D006}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{EE31AA8E-8FCA-408D-90A2-FF0AF6496FAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{FF0F453F-6F93-404B-B73D-6792FBDD2E0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{06E325BB-E060-4116-BCEA-059CDB5B4003}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | 
"TCP Query User{06E57A23-0BC2-47A4-9106-2A0D8AFAF0C3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | 
"TCP Query User{0FB724FE-207D-47F7-BC3F-DB1778072158}P:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\sopcast\adv\sopadver.exe | 
"TCP Query User{200006BB-AEDE-4652-95FB-D46C25A6427F}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe | 
"TCP Query User{44558397-DEE4-4613-AB97-B581C959CD81}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | 
"TCP Query User{5945BE1B-EFD4-4D13-9387-4E48AF419FC6}P:\icq6.5\icq.exe" = protocol=6 | dir=in | app=p:\icq6.5\icq.exe | 
"TCP Query User{690D02B8-19D4-46AA-8C83-7FE5CABD476F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{743BEA8E-2B46-494D-B308-92F8EB22108E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{77B58778-9CB7-4AC8-93A3-4C57BEC70304}P:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\sopcast\sopcast.exe | 
"TCP Query User{84CAD570-4C3D-415E-97E9-60A0360DE79C}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | 
"TCP Query User{856BC50B-521D-418A-944E-5D785A6D1E45}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | 
"TCP Query User{963D318B-AAB9-48D8-A28F-B20601F48A3B}P:\emule\emule.exe" = protocol=6 | dir=in | app=p:\emule\emule.exe | 
"TCP Query User{97F8600B-8950-4875-8890-6444113BBAF3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | 
"TCP Query User{AED0A524-CA87-494B-B72B-2513D616CA19}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{DA121AFA-4C18-4D75-BDB3-DA7C6E1310C9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DECF8E31-2A06-4913-B084-7D1144B9A56A}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{10AEF358-B5A1-4E0B-88AE-1C0ECA446551}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | 
"UDP Query User{10BC9455-83EA-4335-AC30-DBCCF6847F0A}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | 
"UDP Query User{2E5FF665-C126-4A7E-9A28-0CBC89C9E152}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{33C586CB-E206-48E9-B0D7-A82624BA452E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{4E173D44-3518-4A4D-9211-2EC2844D5C49}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | 
"UDP Query User{6633BCE5-571D-45B3-8C7E-8496B4473D1F}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe | 
"UDP Query User{70739042-E950-44DE-8391-F462C19B5743}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{8222D54A-6BF2-4C16-8907-F33B8A653378}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{928203BC-A629-488C-BD04-DD8F0A1422EF}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | 
"UDP Query User{98CF290A-662B-4990-91A8-CDB9913B7872}P:\icq6.5\icq.exe" = protocol=17 | dir=in | app=p:\icq6.5\icq.exe | 
"UDP Query User{A459DF0E-C811-4295-A42C-D63780004AC3}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D3B174BE-C133-4B95-90BF-DBF9B8D3F6EC}P:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\sopcast\adv\sopadver.exe | 
"UDP Query User{D478BEAD-3A34-4C1E-A559-66D6955330B7}P:\emule\emule.exe" = protocol=17 | dir=in | app=p:\emule\emule.exe | 
"UDP Query User{E58AF51B-4651-49EF-B926-9476743C9BB9}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | 
"UDP Query User{EE55C92D-9296-462D-9534-66C8EA611C26}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | 
"UDP Query User{FCAC9316-BAE8-4ED2-872F-B3EFF031965D}P:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{115C6DA4-A8B1-4DA2-B675-302576FD04FB}" = LUMIX RAW Codec 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3748D2FC-83CB-445A-87D8-DE88080FBB4F}" = Power Voice II
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A3C031C-4688-4105-B441-5393C36139D3}" = Rund um (2.0) ... Seydlitz Geographie 2 RP
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any DWG to Image Converter_is1" = Any DWG to Image Converter 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AvaCam_is1" = AvaCam v3.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"EasyGPS_is1" = EasyGPS 4.18
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"FreeDoko" = FreeDoko 0.7.5
"Google Updater" = Google Updater
"InstallShield_{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 5.0.1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"PartyPoker" = PartyPoker
"Recuva" = Recuva
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TheLastRipper" = TheLastRipper 1.4
"Trillian" = Trillian
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 0.9.8a
"vLite_is1" = vLite
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Vuze" = Vuze
"WAV to MP3" = WAV to MP3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.3.4
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 428690
 
Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 428690
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 444150
 
Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 444150
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 459750
 
Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 459750
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 475350
 
Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 475350
 
[ System Events ]
Error - 17.10.2012 17:29:30 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.10.2012 14:27:28 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 18.10.2012 14:27:37 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 18.10.2012 16:07:56 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.10.2012 09:32:45 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2012 09:32:46 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 19.10.2012 09:46:58 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 19.10.2012 10:02:42 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2012 10:02:43 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 19.10.2012 10:16:26 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
and here is Gmer.txt as well:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 17:40:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: rzj6dc4i.exe; Driver: C:\Users\Doeni\AppData\Local\Temp\pwtoapog.sys


---- System - GMER 1.0.15 ----

SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwClose [0xA8ABE444]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateFile [0xA8ABDC8A]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateKey [0xA8ABD958]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwCreateSection [0xA8ABF520]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwDeleteKey [0xA8ABDA68]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwDeleteValueKey [0xA8ABDB5A]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwLoadDriver [0xA8ABE780]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwOpenFile [0xA8ABDF9C]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwSetInformationFile [0xA8ABE0D2]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwSetValueKey [0xA8ABD77E]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwTerminateProcess [0xA8ABE6C8]
SSDT   \??\C:\Windows\system32\drivers\sp_rsdrv2.sys                                                                        ZwWriteFile [0xA8ABE2BC]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 1A9                                                                                        82AE886C 4 Bytes  [44, E4, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 1D9                                                                                        82AE889C 4 Bytes  [8A, DC, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 1E9                                                                                        82AE88AC 4 Bytes  [58, D9, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                        82AE88D8 4 Bytes  [20, F5, AB, A8]
.text  ntkrnlpa.exe!KeSetEvent + 2D5                                                                                        82AE8998 4 Bytes  [68, DA, AB, A8]
.text  ...                                                                                                                  

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db9b4345                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d                             0xA0 0xD5 0x6C 0xC7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  P:\DemonTools\DAEMON Tools\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xB9 0xEC 0x03 0x6A ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xCC 0x43 0xC5 0x42 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xEA 0x58 0xDE 0x75 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db9b4345 (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282 (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d                                 0xA0 0xD5 0x6C 0xC7 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      P:\DemonTools\DAEMON Tools\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xB9 0xEC 0x03 0x6A ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xCC 0x43 0xC5 0x42 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xEA 0x58 0xDE 0x75 ...

---- EOF - GMER 1.0.15 ----
         

I hope someone can help me!
Thanks in advance!!

 
