Log analysis and evaluation: Is my PC infected? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.04.2013, 20:54 | #1 |
Is my PC infected? Since spam emails were sent from my email account, I would like to have my PC checked. I would be glad if you could help me with this. otl.txt Code:
OTL logfile created on: 28.04.2013 21:00:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uli Minor\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 44,49% Memory free
4,00 Gb Paging File | 2,61 Gb Available in Paging File | 65,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,76 Gb Total Space | 61,57 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,88% Space Free | Partition Type: NTFS
Drive F: | 7,73 Gb Total Space | 0,76 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
Computer Name: ULIMINOR-PC | User Name: Uli Minor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Uli Minor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\funkwerk WIN-Tools\Eumex 401 WIN-Tools V1.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Pinnacle Systems) PRC - C:\Programme\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Windows\SMINST\Scheduler.exe () PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.35169__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.35168__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Windows\SMINST\Scheduler.exe () MOD - C:\Windows\SMINST\naspp.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Hewlett-Packard\Digital Imaging\bin\crm\xmltok.dll () MOD - C:\Programme\Hewlett-Packard\Digital Imaging\bin\crm\xmlparse.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (PLFlash DeviceIoControl Service) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (ASBroker) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (hpqcxs08) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) 
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ASChannel) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (lxcj_device) -- C:\Windows\System32\lxcjcoms.exe () SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) 
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" 
= hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_deDE308 IE - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) 
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [] File not found O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [EPLTarget\P0000000000000002] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIH3E.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [MsgCmd] C:\ProgramData\MsgCmd\qvqjulmb.exe File not found O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [PMCRemote] File not found O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\Uli Minor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin) O4 - Startup: C:\Users\Uli Minor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O4 - Startup: C:\Users\Uli Minor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 
- Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1339485197-3170389898-3667348218-1006\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3455A2CA-E268-4F19-8E76-1CF6C9E03181}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7A368FD-8FC8-4C84-95E5-9E7D3D6DA451}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Uli Minor\pool bei Nacht\DSC_0176.JPG
O24 - Desktop BackupWallPaper: C:\Users\Uli Minor\pool bei Nacht\DSC_0176.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.28 20:58:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uli Minor\Desktop\OTL.exe
[2013.04.07 20:18:35 | 000,000,000 | ---D | C] -- C:\Users\Uli Minor\sicherung alter siemens stick
[2013.04.04 19:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular

========== Files - Modified Within 30 Days ==========

[2013.04.28 20:58:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uli Minor\Desktop\OTL.exe
[2013.04.28 20:49:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.28 20:46:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.04.28 20:44:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.28 20:44:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 20:44:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 20:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.28 20:44:05 | 2012,536,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.28 16:02:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.28 15:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.28 11:21:19 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F3D9808E-2DB5-45A5-9DB1-245C7557B4EE}.job
[2013.04.07 20:23:29 | 000,696,626 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 20:23:29 | 000,651,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 20:23:29 | 000,155,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 20:23:29 | 000,126,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.04 19:37:59 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.04.02 00:16:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.02 00:16:31 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.02 00:16:31 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2013.04.04 19:37:59 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2009.02.15 21:39:53 | 000,188,521 | ---- | C] () -- C:\Users\Uli Minor\pdf_1565.pdf
[2009.01.13 21:38:20 | 001,923,290 | ---- | C] () -- C:\Users\Uli Minor\cdex_151.zip
[2008.12.04 19:31:58 | 001,283,717 | ---- | C] () -- C:\Users\Uli Minor\21xxmax_DE.pdf
[2008.07.19 19:12:31 | 026,163,865 | ---- | C] () -- C:\Users\Uli Minor\preisliste2008ap[1].pdf
[2008.06.01 11:12:45 | 000,001,356 | ---- | C] () -- C:\Users\Uli Minor\AppData\Local\d3d9caps.dat
[2008.01.05 16:36:18 | 000,119,808 | ---- | C] () -- C:\Users\Uli Minor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008.12.29 13:43:32 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\cerasus.media
[2010.01.28 09:24:46 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\Desktopicon
[2013.04.04 19:39:15 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\elsterformular
[2013.02.12 21:29:47 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\Epson
[2008.01.05 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\FRITZ!
[2011.11.10 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\Image Zone Express
[2008.01.05 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\InterVideo
[2009.02.14 18:20:56 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\MAGIX
[2010.01.28 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\MyPhoneExplorer
[2009.12.24 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\Printer Info Cache
[2009.05.03 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\Privacy components
[2009.02.05 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\Uli Minor\AppData\Roaming\SampleView

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >

Code:
OTL Extras logfile created on: 28.04.2013 21:00:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uli ***\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 44,49% Memory free
4,00 Gb Paging File | 2,61 Gb Available in Paging File | 65,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,76 Gb Total Space | 61,57 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,88% Space Free | Partition Type: NTFS
Drive F: | 7,73 Gb Total Space | 0,76 Gb Free Space | 9,83% Space Free | Partition Type: NTFS

Computer Name: ULI***-PC | User Name: Uli *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09B17771-7F41-193C-4B8B-93B07653707C}" = Catalyst Control Center Localization Czech
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese
"{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional
"{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish
"{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish
"{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{34dd5d9f-5af3-41b4-ae60-09c408e16ea7}" = Nero BackItUp 4
"{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36262360-D6DF-EFAE-7AB2-5FE47F01BB8A}" = Catalyst Control Center Graphics Full Existing
"{36720FFD-D8DC-502D-5B59-97261633B847}" = Catalyst Control Center Graphics Full New
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish
"{46AE0161-4BB6-4F01-AB45-AEB7144FF739}" = CA 01 - der interaktive Katalog von Drive Technologies and Industry Automation
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5D7347E1-AE03-478B-3BE2-F1279693F745}" = ccc-utility
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish
"{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian
"{6cb1534e-eb54-43d2-983c-bbd9f0138e6f}" = Nero 9
"{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard
"{6EF125F8-F86B-C019-2A11-53D9C99AEE00}" = Catalyst Control Center Localization Danish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{990BA001-D69F-9DB2-56CE-88E0399B30FB}" = ccc-core-static
"{995A7F95-907E-4C25-8A2A-39CDCB7EC69C}" = Nero BackItUp
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5C4115-57A5-4B30-B103-3DDF65FB5034}" = Nero BackItUp
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B19B5C55-573E-14F3-0047-7029B5618529}" = Catalyst Control Center Graphics Light
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish
"{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish
"{C6271F2D-3D0A-439B-BD78-584E017C636E}" = Vista Default Settings
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian
"{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish
"{DFE967A8-9C30-413C-B2D5-C0D576949553}" = ESU for Microsoft Vista
"{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC04A654-128B-5439-0198-E1178E1E6E76}" = Catalyst Control Center Core Implementation
"{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe FrameMaker 7.1" = Adobe FrameMaker v7.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"Billard2_is1" = Billard2
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ElsterFormular" = ElsterFormular
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FRITZ!DSL" = AVM FRITZ!DSL
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{46AE0161-4BB6-4F01-AB45-AEB7144FF739}" = CA 01 - der interaktive Katalog von Drive Technologies and Industry Automation 10-2008 Deutsch
"InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.2.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MPE" = MyPhoneExplorer
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"PDF Complete" = PDF Complete
"POKER" = POKER
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1339485197-3170389898-3667348218-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.04.2013 16:23:11 | Computer Name = Uli***-PC | Source = EventSystem | ID = 4621
Description =

Error - 27.04.2013 03:54:02 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, fehlerhaftes Modul FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed69, Prozess-ID 0xb38, Anwendungsstartzeit 01ce431bdce6a9a0.

Error - 27.04.2013 05:10:11 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x1398, Anwendungsstartzeit 01ce431df8593598.
Error - 27.04.2013 05:10:30 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x102c, Anwendungsstartzeit 01ce43270f7385ac. Error - 27.04.2013 05:10:54 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x1254, Anwendungsstartzeit 01ce43271dcf0aa4. Error - 27.04.2013 05:37:45 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x13d8, Anwendungsstartzeit 01ce432acba34bd1. Error - 28.04.2013 07:02:46 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, fehlerhaftes Modul FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed69, Prozess-ID 0x118c, Anwendungsstartzeit 01ce43f15356733d. Error - 28.04.2013 07:32:22 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x1018, Anwendungsstartzeit 01ce4400330ef096. 
Error - 28.04.2013 09:20:50 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, fehlerhaftes Modul FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed69, Prozess-ID 0x2c4, Anwendungsstartzeit 01ce440f5feac2c0. Error - 28.04.2013 14:47:32 | Computer Name = Uli***-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, fehlerhaftes Modul FwebProt.exe, Version 1.3.0.0, Zeitstempel 0x42285760, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ed69, Prozess-ID 0xbec, Anwendungsstartzeit 01ce4440aac17ec0. [ Credential Manager Events ] Error - 09.03.2011 05:51:22 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 09.03.2011 05:51:33 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 12.03.2011 14:54:11 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. 
Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 13.03.2011 16:23:39 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 18.03.2011 14:06:10 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 16.04.2011 05:05:02 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 11.06.2011 03:47:10 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. 
Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 26.03.2013 14:23:47 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 05.04.2013 11:35:26 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. Error - 14.04.2013 10:15:21 | Computer Name = Uli***-PC | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. Benutzer: Uli ***@ULI***-PC Anmeldeinformationen: Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste nicht aktiviert ist. [ OSession Events ] Error - 31.08.2010 11:12:38 | Computer Name = Uli***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 642 seconds with 240 seconds of active time. This session ended with a crash. 
Error - 16.01.2011 14:20:15 | Computer Name = Uli***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1942 seconds with 480 seconds of active time. This session ended with a crash. [ System Events ] Error - 28.04.2013 08:53:16 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2013 08:53:16 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 28.04.2013 08:53:16 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 28.04.2013 10:02:24 | Computer Name = Uli***-PC | Source = DCOM | ID = 10010 Description = Error - 28.04.2013 14:44:17 | Computer Name = Uli***-PC | Source = HTTP | ID = 15016 Description = Error - 28.04.2013 14:45:48 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7023 Description = Error - 28.04.2013 14:45:48 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2013 14:45:48 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.04.2013 14:45:48 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7003 Description = Error - 28.04.2013 14:45:48 | Computer Name = Uli***-PC | Source = Service Control Manager | ID = 7003 Description = < End of report >
GMER Info: The PC crashed during the scan with GMER, even in safe mode. Attached is the log file of the scan from program start.
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit quick scan 2013-04-28 21:34:12
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC7BP 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\******~1\AppData\Local\Temp\pxtdrkoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 84559910

---- EOF - GMER 2.1 ----
28.04.2013, 21:04 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC infected?
Quote:
Or is this by any chance an office/company PC or a university computer?
Quote:
Reading material: Rootkit warning
Your computer has been infected with a particular kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, so it quite deliberately tears holes through all protective measures in order to download further malicious code or to pass the data it collects on to the "bad guys". What does this mean for you now?