14.08.2010, 23:47 | #1 |
Antimalware Doctor is tearing my system apart

Hello,

somehow I am having a problem posting; I feel like a PC noob today. So, for now, a bit less description. The problem is similar to that of the lady who was helped today, so in the meantime I have taken similar steps, since nothing from my own knowledge has even begun to get my system back on its feet. I have very important data on my system, so I cannot wipe it. If need be, I would then need help with how to rescue these files by moving them to my 2nd partition. Antimalware Doctor leaves me no rights or options to act at all; I have also gone down into safe mode. I am attaching the reports. Ran a full malware scan with the appropriate software and removed the findings; it did not help at all. Asking for help, even if not at this hour anymore.

Regards, Daniel

Now it works, so here are the reports.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

14.08.2010 23:34:29
mbam-log-2010-08-14 (23-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 260784
Laufzeit: 2 Stunde(n), 30 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 24
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a920b6d6-0d06-41e2-8ce8-f5d3352389a6} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a920b6d6-0d06-41e2-8ce8-f5d3352389a6} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a920b6d6-0d06-41e2-8ce8-f5d3352389a6} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a920b6d6-0d06-41e2-8ce8-f5d3352389a6} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62c27545-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62c27545-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{62c27545-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62c27545-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVFLTIP (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DrvFltIp (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{62c27544-1a0d-4de6-b5b0-692ad8a27ed2} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\vzkgp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c978.dll (Adware.Mirar) -> Quarantined and deleted successfully.
D:\Downloads\wizard\Software und Internet\TuneUp Utilities 2010 v9.0.3000.52 - Deutsch - dAr\TUU KEYGEN\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Deekay\Startmenü\Programme\Autostart\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Deekay\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Deekay\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\kernel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wkernel32.sys (Malware.Trace) -> Quarantined and deleted successfully.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.08.2010 00:02:46 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = F:\ Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 746,00 Mb Available Physical Memory | 73,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 15,74 Gb Free Space | 20,15% Space Free | Partition Type: NTFS Drive D: | 70,91 Gb Total Space | 3,67 Gb Free Space | 5,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 239,54 Mb Total Space | 57,72 Mb Free Space | 24,10% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BACIDER Current User Name: Deekay Logged in as Administrator. 
Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.14 23:57:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.08.14 23:57:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - File not found [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - File not found [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate1c9ea803d3d14af) Google Update Service (gupdate1c9ea803d3d14af) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2010.08.14 04:19:48 | 000,057,608 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ResultDns\resultdns111.exe -- (ResultDns Service) SRV - [2010.03.25 02:38:16 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp 
Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.02.25 19:40:18 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.25 19:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) 
[Auto | Stopped] -- C:\Programme\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2007.10.08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2007.10.08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2007.10.08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2007.10.08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2007.06.16 09:30:42 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.05.11 18:15:50 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.DLL -- (Pml Driver HPZ12) SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\kwflower.sys -- (kwflower) DRV - File not found [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.10.10 15:54:26 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.02.24 14:24:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.07.02 22:33:00 | 006,554,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008.06.24 11:36:14 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev) DRV - [2008.06.20 13:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer) DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.02.01 16:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2008.02.01 16:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2007.09.26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.08.27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007.06.13 11:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmwdfilter.sys -- (KMWDFilter) DRV - [2007.05.10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007.03.01 11:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006.11.21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2005.07.22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.07.22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.07.22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.04.14 00:00:00 | 000,085,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbtv.sys -- (CXLWIRE) USB Hybrid Video Capture (DVB-T/PAL) DRV - [2004.01.16 13:02:58 | 000,017,408 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2003.10.15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: nuance@pdf6:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {1A615EA8-4C56-49EE-BE83-F9A264B79997}:1.0 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Dokumente%20und%20Einstellungen/Deekay/Eigene%20Dateien/Eigene%20Musik/Temp/Tunebite/.downloading/profile/rrproxy_ffox_497acb2b.pac" FF - prefs.js..network.proxy.type: 3997811 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.03.03 16:45:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009.09.12 15:58:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 19:33:48 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 09:07:34 | 000,000,000 | ---D | M] [2008.09.02 20:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Mozilla\Extensions [2010.08.10 20:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Mozilla\Firefox\Profiles\8lqol32g.default\extensions [2010.06.28 18:14:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Mozilla\Firefox\Profiles\8lqol32g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.21 18:23:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Mozilla\Firefox\Profiles\8lqol32g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.04.20 00:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Mozilla\Firefox\Profiles\8lqol32g.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org [2010.08.14 19:35:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.14 19:35:24 | 000,000,000 | ---D | M] (ResultDns) -- C:\Programme\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} [2010.08.14 19:33:48 | 000,211,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\gpff.dll [2010.07.24 07:11:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.24 07:11:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.24 07:11:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.24 07:11:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.24 07:11:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: 
([2010.01.23 15:54:30 | 000,373,775 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 12879 more lines... O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) 
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (moigh Object) - {3B336C80-8591-42C4-89E8-AD396C8E550D} - C:\WINDOWS\system32\rzkgp.dll () O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [dellsupportcenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [KMCONFIG] C:\Programme\Silvercrest MTS2118 driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\izkgp.exe () O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [sta] File not found O4 - HKLM..\Run: [yjyhbvie] C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [GabPath] C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath\gabpath.exe () O4 - HKCU..\Run: [secureapp70700.exe] C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F\secureapp70700.exe (MS) O4 - HKCU..\Run: [yjyhbvie] C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Mit Nuance PDF Converter 6.0 öffnen - C:\Programme\Nuance\PDF Professional 6\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Mit PDF Professional 6 öffnen - C:\Programme\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Programme\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 
- Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O15 - HKCU\..Trusted Domains: hypovereinsbank.de ([my] https in Vertrauenswürdige Sites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208624470292 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208626994776 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 () - hxxp://www.google.de/ O24 - Desktop Components:2 () - hxxp://www.myspace.com/bacider O24 - Desktop WallPaper: D:\Downloads\alt.binaries.pictures.wallpaper\The_colors_are_alive-1680x1050.jpg O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.19 17:47:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.14 20:57:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Malwarebytes [2010.08.14 20:56:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.14 20:56:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.14 20:56:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.14 20:56:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.14 19:33:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Sky-Banners [2010.08.14 19:33:19 | 000,000,000 | 
---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Street-Ads [2010.08.14 19:33:15 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010.08.14 19:33:15 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010.08.14 19:33:13 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys [2010.08.14 19:33:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.08.14 19:33:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.08.14 19:32:58 | 000,000,000 | ---D | C] -- C:\Programme\ResultDns [2010.08.14 19:32:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ResultDns [2010.08.14 19:32:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc [2010.08.14 19:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath [2010.08.14 19:32:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\Windows Server [2010.08.14 19:32:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F [2010.08.14 10:44:06 | 001,122,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll [2010.08.14 10:44:06 | 000,024,576 | ---- | C] (HTC, Corporation) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys [2010.08.14 10:43:58 | 000,000,000 | ---D | C] -- C:\Programme\Spirent Communications [2010.08.14 03:00:24 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.08.14 02:38:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\HTC [2010.08.14 02:37:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC [2010.08.14 02:37:30 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2010.08.14 02:34:17 | 000,000,000 | ---D | C] -- C:\Programme\HTC [2010.08.13 23:54:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\Htc unrevoked [2010.08.13 23:48:29 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinUSBCoInstaller.dll [2010.08.13 23:23:34 | 000,096,256 | ---- | C] (Google, inc) -- C:\Dokumente und Einstellungen\Deekay\AdbWinApi.dll [2010.08.13 23:23:34 | 000,060,928 | ---- | C] (Google, inc) -- C:\Dokumente und Einstellungen\Deekay\AdbWinUsbApi.dll [2010.08.13 23:23:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\hboot driver_files [2010.08.13 22:41:29 | 000,000,000 | ---D | C] -- C:\ruu_log [2010.08.13 20:50:07 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2010.08.13 20:46:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\Teleca [2010.08.13 20:45:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Teleca Shared [2010.07.26 21:25:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\vlc [2010.07.24 09:05:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Deekay\Desktop\Umsatz [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.14 23:53:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.14 23:37:28 | 000,285,790 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010.08.14 23:37:12 | 000,183,124 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.14 23:36:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT 
[2010.08.14 23:35:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Deekay\ntuser.ini [2010.08.14 23:35:05 | 020,185,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\ntuser.dat [2010.08.14 20:56:54 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.14 19:32:50 | 000,000,005 | ---- | M] () -- C:\zrpt.xml [2010.08.13 23:52:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2010.08.13 23:18:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\DbgOut.INI [2010.08.13 20:50:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf [2010.08.13 20:50:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010.08.13 20:50:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 07:10:33 | 000,854,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 07:04:57 | 001,333,180 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 07:04:57 | 000,578,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 07:04:57 | 000,538,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 07:04:57 | 000,133,916 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 07:04:57 | 000,108,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.11 01:13:25 | 000,285,790 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2010.08.10 23:49:36 | 000,155,648 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.06 17:15:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Wartung.job [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.26 21:21:16 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC 
media player.lnk [2010.07.26 21:16:04 | 019,473,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\vlc-1.1.1-win32.exe [2010.07.24 12:28:19 | 000,032,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Desktop\Umsätze 1 bis 18.docx [2010.07.24 12:28:08 | 000,112,103 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Desktop\Umsätze 1 bis 18.pdf [2010.07.24 09:05:34 | 000,113,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\Umsätze 1 bis 18.pdf [2010.07.24 08:37:25 | 000,598,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\https___internetbanking.gad.doc [2010.07.16 06:19:46 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\rzkgp.dll [2010.07.16 00:17:09 | 018,159,885 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\reflash.exe [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.14 20:56:54 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.14 19:32:48 | 000,000,005 | ---- | C] () -- C:\zrpt.xml [2010.08.13 23:52:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf [2010.08.13 23:23:34 | 000,014,843 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\mingwm10.DLL [2010.08.13 23:23:34 | 000,013,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\hboot driver.htm [2010.08.13 23:23:33 | 018,159,885 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\reflash.exe [2010.08.13 23:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI [2010.08.13 20:50:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 
[2010.08.13 20:50:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010.07.26 21:21:16 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.07.26 21:11:56 | 019,473,201 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\vlc-1.1.1-win32.exe [2010.07.24 09:05:33 | 000,113,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\Umsätze 1 bis 18.pdf [2010.07.24 08:32:45 | 000,112,103 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\Desktop\Umsätze 1 bis 18.pdf [2010.07.24 07:30:41 | 000,598,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\Eigene Dateien\https___internetbanking.gad.doc [2010.07.24 00:02:00 | 000,032,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Deekay\Desktop\Umsätze 1 bis 18.docx [2010.07.16 06:19:46 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\rzkgp.dll [2010.04.18 13:35:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.01.23 17:20:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.01.15 02:25:04 | 000,000,128 | ---- | C] () -- C:\WINDOWS\{1093648B-1375-44BC-BC5E-39BF977D53FA}.ini [2010.01.15 01:54:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.01.15 01:51:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.12.07 23:46:02 | 000,133,120 | ---- | C] () -- C:\WINDOWS\hvdi.dll [2009.12.07 15:00:24 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI [2009.09.06 22:09:20 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI [2009.05.06 00:18:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\FCVAP.dll [2009.05.06 00:18:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EZFRD.dll [2009.04.02 20:36:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI [2009.03.30 23:52:59 | 000,000,003 | ---- | C] () -- C:\WINDOWS\bmm.ini [2009.03.30 17:34:27 | 000,000,066 | ---- | C] () -- 
C:\WINDOWS\wiso.ini [2009.02.18 21:36:33 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SonderZ.ini [2009.02.01 13:20:58 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\4esylanastiekhcilnösrep.sys [2009.01.07 22:23:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Muma60.INI [2009.01.07 22:06:19 | 000,000,093 | ---- | C] () -- C:\WINDOWS\magix.ini [2008.11.24 22:33:05 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI [2008.10.15 14:57:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80_1.2.3.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.07.04 13:27:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.05.24 10:50:24 | 000,002,776 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008.05.24 10:50:24 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9075CA22E0.sys [2008.04.20 20:47:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2008.04.20 20:47:05 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2008.04.20 20:46:52 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2008.04.20 14:13:06 | 000,016,480 
| ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2008.04.19 23:43:15 | 000,000,450 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.04.19 23:29:39 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008.04.19 23:22:34 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007.03.29 23:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2007.02.22 17:17:50 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pn.ini [2007.02.22 17:17:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\pr.ini [2006.04.25 12:28:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.04.25 12:28:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.04.25 12:28:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.04.25 12:28:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.02.13 10:43:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll [2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2004.08.10 14:00:00 | 000,361,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcpip.sys [2004.05.12 07:31:54 | 000,003,719 | ---- | C] () -- C:\WINDOWS\PWRPLAY.INI [2003.03.09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 @Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C31F31E6 
< End of report > OTL Logfile:
OTL Extras logfile created on: 15.08.2010 00:02:46 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = F:\ Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 746,00 Mb Available Physical Memory | 73,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 78,13 Gb Total Space | 15,74 Gb Free Space | 20,15% Space Free | Partition Type: NTFS Drive D: | 70,91 Gb Total Space | 3,67 Gb Free Space | 5,17% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 239,54 Mb Total Space | 57,72 Mb Free Space | 24,10% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BACIDER Current User Name: Deekay Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "E:\libNeap.dll" = E:\libNeap.dll:*:Enabled:DCClibrary -- File not found "E:\DWizard300.exe" = E:\DWizard300.exe:*:Enabled:DCCWizard -- File not found "E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found "E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) 
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.) 
"D:\Spiele\asscr\AssassinsCreed_Dx9.exe" = D:\Spiele\asscr\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft) "D:\Spiele\asscr\AssassinsCreed_Dx10.exe" = D:\Spiele\asscr\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft) "D:\Spiele\asscr\AssassinsCreed_Launcher.exe" = D:\Spiele\asscr\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01161F64-6897-4885-93A0-A9F7BE9A4253}" = hp psc 1100 series "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0BBBCFAA-49F3-4529-9FDB-803190E2C243}" = Haufe Formular-Manager "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risiko II "{1093648B-1375-44BC-BC5E-39BF977D53FA}" = Nuance PDF Professional 6 "{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = 
HPPhotoSmartExpress "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2F2B569E-2024-48B8-867B-DB1BF2338F38}" = Silvercrest MTS2118 driver "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite 
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Antimalware Doctor" = Antimalware Doctor "GabPath" = GabPath ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.08.2010 14:26:43 | Computer Name = BACIDER | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [216]. 
Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. [ OSession Events ] Error - 13.08.2009 21:15:14 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42230 seconds with 120 seconds of active time. This session ended with a crash. Error - 15.08.2009 20:37:54 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42086 seconds with 8940 seconds of active time. This session ended with a crash. Error - 05.09.2009 20:16:33 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42230 seconds with 780 seconds of active time. This session ended with a crash. Error - 19.09.2009 19:25:54 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 474836 seconds with 240 seconds of active time. This session ended with a crash. Error - 22.09.2009 20:30:00 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23323 seconds with 780 seconds of active time. This session ended with a crash. 
Error - 07.10.2009 17:26:10 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 92881 seconds with 3660 seconds of active time. This session ended with a crash. Error - 12.10.2009 21:30:45 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 52218 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.10.2009 19:03:58 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24462 seconds with 960 seconds of active time. This session ended with a crash. Error - 23.10.2009 20:32:20 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99586 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.06.2010 21:24:58 | Computer Name = BACIDER | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24801 seconds with 4500 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 14.08.2010 18:00:49 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 14.08.2010 18:00:55 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 14.08.2010 18:01:02 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 14.08.2010 18:01:39 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 14.08.2010 18:01:49 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 14.08.2010 18:01:52 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 14.08.2010 18:02:27 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 
Error - 14.08.2010 18:02:28 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 14.08.2010 18:02:32 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 14.08.2010 18:07:45 | Computer Name = BACIDER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report > |
15.08.2010, 03:08 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalwaredoktor is tearing my system apart Quote:
15.08.2010, 11:39 | #3 |
| Antimalwaredoktor is tearing my system apart Can the update also be installed manually? When I am in normal mode, nothing works any more.
I just tried to somehow load the update via the laptop, but I have no way of opening Mbam to update it, because Amd immediately takes over and I have no way of updating. I also still have to work on the PC today. I know how much you all have to do and I am very grateful to get any help at all, since otherwise I would be in total despair. So a big thank-you in advance. Can I also download mbam in the latest version, or install the update pack manually? If so, I would be glad of a short "how-to". Really a nasty virus, I have never experienced anything like it.
Success by a roundabout route
I managed to get Rkill running on the non-safe-mode Windows. In safe mode it did work, and I could also get Malwarebytes running, but not update it; as soon as I got into normal Windows it was the same old story again: cannot run, cannot install. A different file name + extension for rkill did not work in normal Windows either, for whatever reason. In my research I came across trojanremover. It is again a paid program (as I discovered later), but something wondrous happened. I installed the exe on another computer, copied the complete file path with its contents, put it on USB, renamed the main exe to iexplore.exe, and started it in normal Windows on the damaged machine; this time I managed to get the program running, for whatever reason. I could not use this program to remove antimalwaredoktor (purchase), but for the first time I could use rkill to kill this lousy antimalware tool. It worked for the first time, because since starting the trojanremover program I could install, update and so on again. After that I could use Malwarebytes, update it, and now it is digging through my hard disk.
I mean, it is certainly a strange solution, but at least it works: on program start the trojanremover tool terminates something, which now allowed me to arm myself accordingly and at least make the attempt to grab the trojan by the scruff of the neck. Once Malwarebytes has finished, I hope that on restart, for once, I do not see antimalwaredoktor starting up. I would then need further instructions for cleaning up, please. Best regards
Ahh, finally writing without a smartphone again. Success Antimalwaredoctor... However, I have identified the following problems, for which I am now hoping for some advice. The Windows Firewall and the Security Center no longer run, and in my program selection (as well as under "Software") I still have Antimalwaredoctor. How do I proceed now? What do you need? What should my next steps be? I have already run ccleaner once. |
15.08.2010, 19:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalwaredoktor is tearing my system apart I need the full scan with Malwarebytes! Please try it again. If it cannot be updated, try a manual update using this => Manual database update - Malwarebytes Forum
__________________ Please always post log files in CODE tags |
16.08.2010, 19:12 | #5 |
| Antimalwaredoktor is tearing my system apart In safe mode I put r-kill into autostart, and it worked. Malware is through, malwaredoktor has been thrown off the system so far. I now want to make sure that everything is clean, because my Security Center à la Microsoft no longer exists; on the other hand, I have to say my system purrs like a kitten and works like a roadrunner again.. Here is the log
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4432 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 15.08.2010 18:48:56 mbam-log-2010-08-15 (18-48-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 284148 Laufzeit: 1 Stunde(n), 27 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 13 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yjyhbvie (Rogue.SecuritySuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yjyhbvie (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Temp\xarswocnme.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. 
C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Temp\qgldko.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0004003.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0004004.dll (Adware.Mirar) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006032.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006033.exe (Adware.GabPath) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006034.exe (Trojan.Adware) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006035.dll (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006036.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006040.exe (Adware.ResultDns) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0006042.exe (Adware.ResultDns) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{DEC342FB-CE08-445B-B3A0-23A56C40ACDC}\RP1\A0004005.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. |
16.08.2010, 20:32 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalwaredoktor is tearing my system apart Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [yjyhbvie] C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GabPath] C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [secureapp70700.exe] C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F\secureapp70700.exe (MS)
O4 - HKCU..\Run: [yjyhbvie] C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
[2010.07.16 06:19:46 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\rzkgp.dll
[2010.07.16 00:17:09 | 018,159,885 | ---- | M] () -- C:\Dokumente und Einstellungen\Deekay\reflash.exe
[2010.08.14 19:32:48 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
@Alternate Data Stream - 160 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C31F31E6
:Files
C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc
C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath
C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
17.08.2010, 17:15 | #7 |
| Antimalwaredoktor is tearing my system apart
Done, and?

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yjyhbvie not found.
File C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
C:\Programme\DAEMON Tools Lite\daemon.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GabPath not found.
File C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath\gabpath.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\secureapp70700.exe not found.
File C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F\secureapp70700.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yjyhbvie not found.
File C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc\tfgcygcshdw.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
File C:\WINDOWS\System32\rzkgp.dll not found.
C:\Dokumente und Einstellungen\Deekay\reflash.exe moved successfully.
C:\zrpt.xml moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C31F31E6 deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Anwendungsdaten\rmmfdmggc folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\GabPath not found.
C:\Dokumente und Einstellungen\Deekay\Anwendungsdaten\52E54B391C5EDD42F153F10E2627462F folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Deekay
->Temp folder emptied: 873747601 bytes
->Temporary Internet Files folder emptied: 243739 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153767767 bytes
->Flash cache emptied: 1934326 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 689388 bytes

User: NetworkService
->Temp folder emptied: 5881856 bytes
->Temporary Internet Files folder emptied: 2418275 bytes
->Flash cache emptied: 766 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3464583 bytes
%systemroot%\System32\dllcache .tmp files removed: 1300480 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135597601 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.125,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.9.1 log created on 08172010_180419

Files\Folders moved on Reboot...
File move failed. C:\Dokumente und Einstellungen\Deekay\Lokale Einstellungen\Temp\1102.exe scheduled to be moved on reboot.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp\Perflib_Perfdata_4e8.dat moved successfully.

Registry entries deleted on Reboot... |
17.08.2010, 19:08 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalwaredoktor is tearing my system apart
Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |