![]() |
Log-Analyse und Auswertung: Telekom Post: (Erneute) Sicherheitswarnung zu Ihrem Internet-Zugang
![]() |
![]() | #1 |
| ![]() Telekom Post: (Erneute) Sicherheitswarnung zu Ihrem Internet-Zugang Guten Abend zusammen, seit einigen Tagen bombadiert mich die Telekom jetzt schon mit diesen bereits bekannten Briefen. Dennoch anbei der exakte Wortlaut: Sehr geehrte Frau ..., vor einiger Zeit haben wir Ihnen über das E-Mail Postfach Ihres Zugangs (*@t-online.de) mitgeteilt, dass von Ihrem Anschluss aus unerwünschte Zugriffe auf fremde Rechner erfolgt sind ("Hacking"). Vermutlich missbrauchen unbekannte Angreifer Ihren Internet-Zugang. Wir haben Ihren Internet-Zugang in diesem Zusammenhang wieder eindeutig als Quelle identifiziert. Daran besteht kein Zweifel, denn bei jeder Einwahl ins Internet wird Ihrem Router eine IP-Adresse zugewiesen. Wir konnten verlässlich ermitteln, dass die genannte IP-Adresse zum fraglichen Zeitpunkt Ihrer Zugangsnummer zugeordnet war. etc... Ich dachte ich bekomme das Problem allein in den Griff. Aber kurz darauf landete obiger Brief in der Post. Jetzt wäre ich sehr dankbar wenn sich einer von euch meiner Sache annehmen würde. Bei uns gehen 1 PC, 2 Laptops und 2-3 Smartphones ins Netz. Den PC hab ich bereits komplett formatiert, nur einige Daten blieben auf der externen. Passwort des Routers weiß im Prinzip nur ich und wurde auch eigenhändig von mir auf den anderen Systemen eingegeben. Auf beiden Laptops laufen unterstützend dauerhaft Viren-Programme. Bei einem habe ich bereits den DE-Cleaner und Malwarebytes Anti-Malware drüberlaufen lassen und, hoffentlich alles soweit in Ordnung gebracht. Der 2 ist heute Abend noch dran. Bevor ich mich nun mit den kompetenten Kundenservice der Telekom in Verbindung setzte, zusätzlich für Warteschleifen den Minutentakt bezahl oder einen nie endenden Strom an E-Mails über mich ergehen lassen muss würde jmd. mal einen Blick über die 3 Logs werfen und sagen wo es hapern könnte? Wollte nur mal vorsichtig anfragen ob sich wer die Müge macht, dann reich ich die Logs morgen im Laufe des Tages nach. ![]() |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Telekom Post: (Erneute) Sicherheitswarnung zu Ihrem Internet-Zugang hi
__________________was heißt, soweit in ordnung gebracht, auch diese logs benötige ich. bitte nummeriere die so, dass wir wissen welcher pc gemeint ist. und, es ist das gute recht, und außerdem löblich, dass die telekom bzw andere anbieter ihre nutzer auf probleme hinweisen, und, wenn nötig, den internet zugang einschrenken. das ist nötig zum schutz von anderen, da solche infizierten pcs spams versenden und zu anderen straftaten genutzt werden können, und außerdem auch ne info für den betroffenen.
Nummer 1:
20:08:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2012.11.06 20:08:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2012.11.06 20:08:08 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2012.11.06 20:08:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2012.11.06 20:08:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2012.11.06 20:08:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2012.11.06 20:08:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2012.11.06 20:07:54 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2012.11.06 20:07:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2012.11.06 20:07:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2012.11.06 20:07:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2012.11.06 20:07:48 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2012.11.06 20:07:48 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2012.11.06 20:07:48 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2012.11.06 20:07:35 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2012.11.06 20:07:35 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2012.11.06 20:07:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2012.11.06 20:07:33 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe [2012.11.06 20:07:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2012.11.06 20:07:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.11.06 20:07:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2012.11.06 20:07:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.11.06 20:07:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2012.11.06 20:07:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2012.11.06 20:07:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2012.11.06 20:07:11 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2012.11.06 20:07:11 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll [2012.11.06 20:07:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2012.11.06 20:07:04 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2012.11.06 20:07:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2012.11.06 20:06:55 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2012.11.06 20:06:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2012.11.06 20:06:46 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2012.11.06 20:06:43 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2012.11.06 20:06:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2012.11.06 20:06:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2012.11.06 20:06:25 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.06 20:06:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2012.11.06 20:06:23 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2012.11.06 20:06:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2012.11.06 20:06:21 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2012.11.06 20:06:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2012.11.06 20:06:18 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2012.11.06 20:06:18 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2012.11.06 20:01:22 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2012.11.06 19:57:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2012.11.06 19:56:06 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2012.11.06 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\InstallShield [2012.11.06 19:44:25 | 002,381,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkHDMI.dll [2012.11.06 19:44:25 | 000,950,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHDMIExt.dll [2012.11.06 19:44:25 | 000,154,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtHDMIV.sys [2012.11.06 19:44:25 | 000,034,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHCoInst.dll [2012.11.06 19:39:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2012.11.06 19:38:44 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2012.11.06 19:38:42 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2012.11.06 19:38:42 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2012.11.06 19:38:42 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2012.11.06 19:38:42 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2012.11.06 19:38:42 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2012.11.06 19:38:41 | 002,389,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2012.11.06 19:38:41 | 000,956,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2012.11.06 19:38:41 | 000,322,080 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2012.11.06 19:38:41 | 000,044,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2012.11.06 19:38:40 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2012.11.06 19:38:39 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012.11.06 19:38:39 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2012.11.06 19:38:39 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2012.11.06 19:38:38 | 000,147,968 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll [2012.11.06 19:38:38 | 000,141,312 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2012.11.06 19:38:38 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2012.11.06 19:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.11.06 19:38:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.11.06 19:38:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2012.11.06 19:38:35 | 000,528,384 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012.11.06 19:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.11.06 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\ATI [2012.11.06 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\ATI [2012.11.06 19:36:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.06 19:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.11.06 19:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.11.06 19:34:03 | 000,000,000 | ---D | C] -- C:\ATI [2012.11.06 19:28:57 | 000,000,000 | R--D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.06 19:28:57 | 000,000,000 | R--D | C] -- C:\Users\Nick\Searches [2012.11.06 19:28:57 | 000,000,000 | R--D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.06 19:28:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Identities [2012.11.06 19:28:47 | 000,000,000 | R--D | C] -- C:\Users\Nick\Contacts [2012.11.06 19:28:45 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\VirtualStore [2012.11.06 19:28:42 | 000,000,000 | --SD | C] -- C:\Users\Nick\AppData\Roaming\Microsoft [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Videos [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Saved Games [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Pictures [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Music [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Links [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Favorites [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Downloads [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Documents [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\Desktop [2012.11.06 19:28:42 | 000,000,000 | R--D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Vorlagen [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Local\Verlauf [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Local\Temporary Internet Files [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Startmenü [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\SendTo [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Recent [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Netzwerkumgebung [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Lokale Einstellungen [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Documents\Eigene Videos [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Documents\Eigene Musik [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Eigene Dateien [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Documents\Eigene Bilder [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Druckumgebung [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Cookies [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\AppData\Local\Anwendungsdaten [2012.11.06 19:28:42 | 000,000,000 | -HSD | C] -- C:\Users\Nick\Anwendungsdaten [2012.11.06 19:28:42 | 000,000,000 | -H-D | C] -- C:\Users\Nick\AppData [2012.11.06 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Temp [2012.11.06 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Microsoft [2012.11.06 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Media Center Programs [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.06 19:27:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.06 19:26:26 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2012.11.06 19:21:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.11.06 19:20:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.06 19:17:37 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.06 19:17:36 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.06 19:16:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.11.06 19:16:29 | 000,000,000 | -HSD | C] -- C:\Boot ========== Files - Modified Within 30 Days ========== [2012.11.09 16:41:06 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.09 16:41:06 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.09 16:41:06 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.09 16:41:06 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.09 15:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 15:45:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310926933-1060758219-782088648-1000UA.job [2012.11.09 15:15:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 15:15:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 14:50:55 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.11.09 13:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.09 13:15:42 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 21:45:47 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310926933-1060758219-782088648-1000Core.job [2012.11.08 21:20:13 | 000,014,848 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.08 20:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe [2012.11.08 07:00:24 | 000,027,126 | ---- | M] () -- C:\Users\Nick\Desktop\146734_FuerdieFussballer_1.jpg [2012.11.08 06:54:52 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.08 06:54:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.08 06:46:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.08 06:46:34 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.08 06:46:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.08 06:46:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.08 06:46:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.08 06:46:33 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.07 21:48:07 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.07 21:43:00 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.11.07 21:42:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.07 21:37:59 | 000,002,029 | ---- | M] () -- C:\Users\Nick\Desktop\Google Chrome.lnk [2012.11.07 21:06:20 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.07 19:39:52 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.07 19:37:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.07 19:02:48 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.07 19:02:48 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.07 19:02:40 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.07 19:02:40 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.07 19:02:40 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.07 19:02:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.07 19:02:40 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.07 19:02:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.07 19:02:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.07 19:02:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.07 19:02:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.07 19:02:39 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.07 19:02:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.07 19:02:39 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.07 19:02:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.07 19:02:39 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.07 19:02:39 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.07 19:02:39 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.07 19:02:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.07 19:02:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.07 19:02:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.07 19:02:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.07 19:02:39 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.07 19:02:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.07 19:02:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.07 19:02:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.07 19:02:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.07 19:02:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.07 19:02:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.07 19:02:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.07 19:02:38 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.07 19:02:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.07 19:02:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.07 19:02:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.07 19:02:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.07 19:02:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.07 19:02:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.07 19:02:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.07 19:02:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.07 19:02:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.07 19:02:08 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.07 19:02:08 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.07 19:02:07 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.07 19:02:07 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.07 19:02:07 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.07 19:02:07 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.07 19:02:07 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.07 19:02:06 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.07 19:02:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.07 19:02:06 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.07 19:02:06 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.07 19:02:06 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.07 19:02:06 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.07 19:02:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.07 19:02:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.07 19:02:06 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.07 19:02:06 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.07 19:00:59 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.07 19:00:59 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.07 19:00:59 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.07 19:00:59 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.07 19:00:59 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.07 19:00:59 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.07 19:00:59 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.07 17:57:56 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.11.07 17:39:46 | 000,000,680 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat [2012.11.06 21:10:06 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.11.06 19:44:25 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2012.11.06 19:22:38 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.11.06 19:21:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.11.06 19:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe ========== Files Created - No Company Name ========== [2012.11.08 19:36:13 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012.11.08 07:00:24 | 000,027,126 | ---- | C] () -- C:\Users\Nick\Desktop\146734_FuerdieFussballer_1.jpg [2012.11.08 06:54:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 21:48:47 | 000,014,848 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.07 21:48:07 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.07 21:43:00 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.11.07 21:37:59 | 000,002,029 | ---- | C] () -- C:\Users\Nick\Desktop\Google Chrome.lnk [2012.11.07 21:35:41 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310926933-1060758219-782088648-1000UA.job [2012.11.07 21:35:40 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1310926933-1060758219-782088648-1000Core.job [2012.11.07 21:06:20 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.07 21:06:20 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.07 19:37:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.07 19:02:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.07 18:09:48 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2012.11.07 18:09:47 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2012.11.07 18:09:42 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2012.11.07 18:09:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.11.07 18:09:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.11.07 18:09:39 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2012.11.07 18:09:37 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2012.11.07 18:09:30 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2012.11.07 18:09:29 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2012.11.07 18:09:11 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2012.11.07 18:09:08 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2012.11.07 17:57:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.07 17:57:55 | 3487,883,264 | -HS- | C] () -- C:\hiberfil.sys [2012.11.07 17:34:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.11.07 17:34:19 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2012.11.07 17:31:01 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2012.11.07 17:31:01 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2012.11.07 17:31:01 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2012.11.06 21:10:06 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.11.06 20:07:12 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2012.11.06 19:39:21 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss [2012.11.06 19:38:44 | 000,000,032 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2012.11.06 19:28:58 | 000,000,949 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.06 19:28:56 | 000,000,944 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.11.06 19:28:46 | 000,000,915 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.06 19:28:43 | 000,000,680 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat [2012.11.06 19:22:21 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2012.11.06 19:21:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.11.06 19:16:30 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2012.11.06 19:16:29 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2012.07.04 06:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.07.04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.03.06 18:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== < End of report > |
![]() | #4 |
Nummer 1: Extras:

OTL EXTRAS Logfile:
ATTFilter OTL Extras logfile created on: 09.11.2012 16:37:38 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Nick\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 69,22% Memory free 6,70 Gb Paging File | 5,73 Gb Available in Paging File | 85,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 596,17 Gb Total Space | 528,22 Gb Free Space | 88,60% Space Free | Partition Type: NTFS Drive D: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 3,79 Gb Total Space | 2,89 Gb Free Space | 76,30% Space Free | Partition Type: FAT32 Drive H: | 465,76 Gb Total Space | 232,71 Gb Free Space | 49,96% Space Free | Partition Type: NTFS Drive I: | 1,87 Gb Total Space | 0,08 Gb Free Space | 4,48% Space Free | Partition Type: FAT Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1310926933-1060758219-782088648-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C18C8D-07EE-4735-9FAE-02444E4A867B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{28DA5016-7DAC-49EC-BB50-E3944D7EE8BC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{403B2A73-5C0C-4DB7-B532-389F0639C17B}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{4D81E6EC-32C8-4113-B47A-A8637023D05A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x- | "{74F02A82-4B84-4D1C-8744-2DADD6258D45}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{97527876-3E13-45AF-9257-57182CE8EF7D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{BAD74138-FD05-48EF-89CC-3686A3172AA7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{C1C33D66-622F-41E4-A9A7-8C849662D9A5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{CA3F5A97-FDC8-4E60-BA13-AE8F73FD8BD7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{FB116A9F-B399-4EFB-B5F6-186BD8FDB81A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x- | "TCP Query User{32F40944-DA38-4E26-A7B9-185D0096CAE3}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{24321C4F-DEF2-45E5-9CC1-10855D2D1FB0}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian "{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center "{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese "{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish "{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English "{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish "{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch "{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All "{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech "{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German "{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish "{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish "{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek "{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian "{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish "{8E7C5578-1985-141E-4D5E-1FDEA31265C9}" = ccc-utility "{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy "{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese "{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EAB74CB6-760C-2136-FC77-9549721FB84A}" = AMD Catalyst Install Manager "{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common "{F665F761-5EC4-40CF-3482-9D25A6B10C20}" = AMD Fuel "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "VLC media player" = VLC media player 2.0.4 "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1310926933-1060758219-782088648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 14:51:32 | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2012 16:38:18 | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3013 Description = Error - 07.11.2012 17:16:15 | Computer Name = Nick-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Fuel.Service.exe, Version, Zeitstempel 0x4ff3d5ed, fehlerhaftes Modul Device.dll, Version, Zeitstempel 0x4f55e00b, Ausnahmecode 0xc0000005, Fehleroffset 0x00002bdc, Prozess-ID 0x7a4, Anwendungsstartzeit 01cdbd18c4e5ac77. Error - 08.11.2012 01:34:57 | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 02:01:26 | Computer Name = Nick-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Fuel.Service.exe, Version, Zeitstempel 0x4ff3d5ed, fehlerhaftes Modul Device.dll, Version, Zeitstempel 0x4f55e00b, Ausnahmecode 0xc0000005, Fehleroffset 0x00002bdc, Prozess-ID 0x9d0, Anwendungsstartzeit 01cdbd72b3592519. Error - 08.11.2012 12:05:20 | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 13:34:21 | Computer Name = Nick-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Fuel.Service.exe, Version, Zeitstempel 0x4ff3d5ed, fehlerhaftes Modul Device.dll, Version, Zeitstempel 0x4f55e00b, Ausnahmecode 0xc0000005, Fehleroffset 0x00002bdc, Prozess-ID 0x970, Anwendungsstartzeit 01cdbdcaad8c5159. Error - 08.11.2012 13:37:00 | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 22:24:28 | Computer Name = Nick-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Fuel.Service.exe, Version, Zeitstempel 0x4ff3d5ed, fehlerhaftes Modul Device.dll, Version, Zeitstempel 0x4f55e00b, Ausnahmecode 0xc0000005, Fehleroffset 0x00002bdc, Prozess-ID 0x9ac, Anwendungsstartzeit 01cdbdd78274797b. Nummer 2:

OTL Logfile:
ATTFilter OTL logfile created on: 03.11.2012 21:27:02 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Ingrid\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894,10 Mb Total Physical Memory | 451,30 Mb Available Physical Memory | 50,48% Memory free 2,12 Gb Paging File | 1,75 Gb Available in Paging File | 82,54% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 104,68 Gb Total Space | 57,24 Gb Free Space | 54,69% Space Free | Partition Type: NTFS Drive E: | 1,87 Gb Total Space | 0,08 Gb Free Space | 4,48% Space Free | Partition Type: FAT Computer Name: LAPTOP | User Name: Ingrid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.08 20:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ingrid\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011.11.10 20:44:43 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.08.27 16:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2009.08.27 16:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.11.08 08:55:40 | 001,829,888 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12110800\algo.dll MOD - [2011.02.04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.01.19 05:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL MOD - [2005.10.19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll MOD - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe MOD - [2005.05.27 21:03:06 | 000,364,666 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMCoreDll.dll ========== Services (SafeList) ========== SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.02 11:51:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.08.27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2006.07.21 10:12:28 | 000,057,344 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.05.28 07:35:56 | 000,036,864 | R--- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20061216.001\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avipbb.sys -- (avipbb) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006.06.29 21:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.06.03 02:11:18 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.04.06 22:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) DRV - [2006.03.29 11:59:12 | 000,027,648 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter) DRV - [2006.03.29 07:50:14 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.01.19 02:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.01.16 19:15:24 | 000,470,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSB2413.sys -- (SSB2413) DRV - [2005.11.16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005.11.01 17:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.11.01 16:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005.10.27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO) DRV - [2005.05.24 14:26:02 | 000,019,840 | R--- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Dokumente und Einstellungen\Julia\Desktop\=)\DivX\DivX Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version= c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version= c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version= C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version= C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version= c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008.11.29 18:34:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.10 20:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.11.03 21:03:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.02 11:51:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.23 17:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.07.17 12:08:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.11.10 20:45:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008.11.29 18:34:17 | 000,000,000 | ---D | M] [2009.10.16 20:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Extensions [2009.10.16 20:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.10.22 18:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\0753317m.default\extensions [2008.10.28 13:20:30 | 000,000,894 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\0753317m.default\searchplugins\conduit.xml [2012.10.29 23:07:45 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\0753317m.default\searchplugins\icqplugin.xml [2012.11.02 21:15:46 | 000,001,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Mozilla\Firefox\Profiles\0753317m.default\searchplugins\ixquick---deutsch.xml [2012.08.21 18:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.21 18:16:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.10.02 11:51:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.02 11:51:26 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa2.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ST Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (ST Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\..\Toolbar\WebBrowser: (ST Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\Ingrid\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF276D6-145E-482D-AA3E-9EA819383B2C}: DhcpNameServer = O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.09 19:18:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{230e6ee4-ba8b-11de-9183-00137731e7e4}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 21:26:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ingrid\Desktop\OTL.exe [2012.11.03 21:04:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.11.03 21:04:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus [2012.11.03 21:04:12 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.11.03 21:04:09 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.11.03 21:04:08 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.11.03 21:04:07 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.11.03 21:04:05 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.11.03 21:04:05 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.11.03 21:04:04 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.11.03 21:03:26 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.11.03 21:03:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.11.03 21:02:48 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2012.11.03 21:02:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.10.31 18:59:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Malwarebytes [2012.10.31 18:59:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.31 18:59:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.31 18:59:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.31 18:59:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.08 20:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ingrid\Desktop\OTL.exe [2012.11.03 21:25:59 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1486868250-1720889898-2589262450-1005.job [2012.11.03 21:25:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1486868250-1720889898-2589262450-1005.job [2012.11.03 21:11:16 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.03 21:04:13 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.11.03 21:04:07 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.03 21:04:06 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.11.03 20:59:16 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.03 20:59:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.03 20:59:02 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 20:47:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Ÿ9Ÿ9 [2012.11.02 21:11:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.31 18:59:17 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 17:21:32 | 000,001,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.10.31 17:21:31 | 000,001,821 | ---- | M] () -- C:\Dokumente und Einstellungen\Ingrid\Desktop\Avira DE-Cleaner.lnk [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.10.30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.10.28 23:18:00 | 000,390,944 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 23:18:00 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 23:18:00 | 000,063,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 23:18:00 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.07 22:39:08 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.10.06 22:07:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.03 21:04:13 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2012.11.03 21:04:06 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.10.31 18:59:17 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.31 17:21:32 | 000,001,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Ingrid\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.10.31 17:21:31 | 000,001,821 | ---- | C] () -- C:\Dokumente und Einstellungen\Ingrid\Desktop\Avira DE-Cleaner.lnk [2012.04.25 21:32:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.04.23 17:37:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ingrid\Ÿ9Ÿ9 [2007.09.28 18:55:46 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.29 01:00:15 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Ingrid\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.12.28 19:35:24 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2006.10.09 19:14:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.03 21:02:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2007.06.24 19:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2011.01.01 15:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.11.07 12:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008.08.04 15:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2009.10.16 20:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.01.01 15:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\elsterformular [2012.01.14 07:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\ICQ [2007.02.26 21:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\ICQ Toolbar [2007.01.14 16:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\ICQLite [2009.11.11 19:31:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\OpenOffice.org [2012.04.23 17:44:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\PriceGong [2007.05.26 15:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\temp [2012.07.17 12:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\Thunderbird [2009.10.16 20:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ingrid\Anwendungsdaten\TomTom [2009.01.10 11:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julia\Anwendungsdaten\ICQ [2010.09.18 19:21:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julia\Anwendungsdaten\MSNInstaller [2011.03.26 17:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nick\Anwendungsdaten\ICQ ========== Purity Check ========== < End of report > Nummer 2: Extras: OTL EXTRAS Logfile: Code:
Nummer 2: Extras:

OTL EXTRAS Logfile: Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Internet Explorer\IEXPLORE.EXE" = C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0AD8AA88-0DE9-4065-A35E-529EB576A507}" = SA25x0 & SA26x0 Device Manager "{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}" = Management Center "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{292E65F1-E9F8-4416-90A6-5916A8C95672}_is1" = Hello Kitty Online Download Manager "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6A8E8F6F-6FE3-447B-847B-621D5455584F}_is1" = Hello Kitty Online: Dream Carnival Installer "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder "{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}" = Atheros WLAN Client "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E12DA139-1E5B-46DB-BAEA-683DC9F27CBC}" = ATI Catalyst Control Center "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4220_Help "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = SENS LT56ADW Modem "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "avast" = avast! Free Antivirus "CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000 "DVDXCopyXpress" = DVDXCopy Xpress 2.5.0 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "ElsterFormular für Privatanwender und Unternehmer" = ElsterFormular für Privatanwender und Unternehmer "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "ICQToolbar" = ICQ Toolbar "ICQ-Tools_is1" = die Knallpinke ICQ Blume "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "Lexmark 1200 Series" = Lexmark 1200 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSNINST" = MSN "Picasa2" = Picasa 2 "ProInst" = Intel(R) PROSet/Wireless Software "RealPlayer 12.0" = RealPlayer "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Shop for HP Supplies" = Shop for HP Supplies "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME "VLC media player" = VLC media player 0.9.8a "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1486868250-1720889898-2589262450-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.11.2011 13:55:52 | Computer Name = LAPTOP | Source = MSSOAP | ID = 16 Description = Soap error: Connection failed or server refused connection (request might exceed MaxPostSize).. Error - 15.11.2011 13:55:52 | Computer Name = LAPTOP | Source = MSSOAP | ID = 16 Description = Soap error: Unspecified HTTP error.. Error - 11.12.2011 19:00:21 | Computer Name = LAPTOP | Source = Avira AntiVir | ID = 4118 Description = Error - 11.12.2011 19:00:34 | Computer Name = LAPTOP | Source = Avira AntiVir | ID = 4118 Description = Error - 20.12.2011 11:03:23 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.12.2011 11:03:24 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.02.2012 06:40:34 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung soffice.bin, Version 3.1.9420.500, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 17.03.2012 11:58:25 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung hpqdirec.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 20.04.2012 07:12:12 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 20.04.2012 07:12:13 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. [ System Events ] Error - 31.10.2012 11:58:19 | Computer Name = LAPTOP | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +432213 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|> funktionsfähig ist. Error - 31.10.2012 11:59:28 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 31.10.2012 15:35:54 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 31.10.2012 17:12:29 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 02.11.2012 16:11:41 | Computer Name = LAPTOP | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +432216 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|> funktionsfähig ist. Error - 02.11.2012 16:12:50 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 03.11.2012 15:45:45 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 03.11.2012 16:00:48 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet. Error - 03.11.2012 16:00:48 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb Error - 03.11.2012 16:10:02 | Computer Name = LAPTOP | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +432216 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|> funktionsfähig ist. < End of report > |
![]() | #5 |
ja das ist otl, aber es fehlt noch eniges, was ich oben angefordert hab
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() |
Themen zu Telekom Post: (Erneute) Sicherheitswarnung zu Ihrem Internet-Zugang |
anderen, anschluss, anti-malware, daten, e-mail, frage, fragen, fremde, guten, heute, ide, komplett, kunde, kundenservice, malwarebytes, passwort, problem, rechner, router, service, sicherheitswarnung, systeme, telekom, unbekannte, unerwünschte, verbindung, zusammen |