|
Pests of all kinds and how to fight them: My notebook won't shut down after virus attack | Windows 7 |
20.04.2011, 18:02 | #1 |
| My notebook won't shut down after virus attack

Hello dear community,

I have the following problem: my notebook keeps booting up again. At the end the blue screen is shown, and instead of switching off, it boots up again by itself. I can only finally switch it off by holding down the power button.

The backstory is this: I caught the nasty "WindowsRecovery virus". That was on 19.04.2011. I don't know how, but it spread itself. So I had to delete it! But I could only do that manually. So, now it's gone. But the notebook shows the blue screen and boots up again.

Is there a function that I may have deleted? I would rather not reinstall my Vista 32-bit; I don't have the nerve for that much effort. Can you please help me? I want the notebook to stay shut down and the blue screen to disappear.

I have a Medion 17", 1 GB RAM, 160 GB hard disk (and 500 MB external), 1.6 GHz dual core.

I hope you can help me out of this jam.

Regards, jan |
21.04.2011, 16:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My notebook won't shut down after virus attack

Hello and

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
__________________ |
22.04.2011, 10:40 | #3 |
| My notebook won't shut down after virus attack

Hello Arne,

I now have here what you need. The log files from Malwarebytes:

Durchsuchte Objekte: 369145
Laufzeit: 6 Stunde(n), 25 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows.old\Users\Test\AppData\Local\thinstall\Cache\Stubs\94604a84f25690fc3cb73733905fb38502848f5\rlliveupdate.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Test\AppData\Local\thinstall\Cache\Stubs\ddac70d3eba04dd181cc2c7724ba29d6f2c77251\splash screen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Test\downloads\angesammeltes\crack __and_keygen___ autocad 2010\keygen-x-force\xf-a2010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Test\downloads\angesammeltes\x64\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Test\downloads\angesammeltes\x86\xf-a2010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\MeinPC\AppData\Local\Temp\err.log3844410 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\MeinPC\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\742470d9-2276f31c (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\MeinPC\Desktop\mobileneues\neuer ordner (2)\pdfcracker.exe (Hacktool.Agent) -> Quarantined and deleted successfully.
c:\Users\MeinPC\Desktop\mobileneues\neuer ordner (2)\pdf_password_cracker_enterprise_3.1_portable_by_lp\Stubs\2fb97920e56917c06745e83536693c2f598066af\verclsid.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\MeinPC\downloads\google.earth.plus.5.2.x-mpt\google.earth.plus.5.2.x-mpt.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\MeinPC\Pictures\perso\diverse\WRR371\Patch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Here I removed 11 threats.

Here now are the 2 log files from OTL

Extras.txt
OTL Logfile:
Code:
Error - 22.04.2011 04:43:37 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.04.2011 04:50:34 | Computer Name = MeinPC-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 22.04.2011 04:50:41 | Computer Name = MeinPC-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 22.04.2011 04:51:02 | Computer Name = MeinPC-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.04.2011 um 10:49:42 unerwartet heruntergefahren.

Error - 22.04.2011 04:52:28 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.04.2011 04:52:28 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22.04.2011 04:57:35 | Computer Name = MeinPC-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22.04.2011 05:11:32 | Computer Name = MeinPC-PC | Source = DCOM | ID = 10000
Description =

< End of report >

and OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 11:13:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\MeinPC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.021,00 Mb Total Physical Memory | 181,00 Mb Available Physical Memory | 18,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 12,00% Paging File free
Paging file location(s): c:\pagefile.sys 220 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,60 Gb Total Space | 60,85 Gb Free Space | 48,06% Space Free | Partition Type: NTFS
Drive D: | 22,44 Gb Total Space | 16,36 Gb Free Space | 72,91% Space Free | Partition Type: FAT32

Computer Name: MEINPC-PC | User Name: MeinPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MeinPC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\OO Software\DriveLED\oodlag.exe (O&O Software GmbH) PRC - C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH) PRC - C:\Windows\System32\oodtray.exe (O&O Software GmbH) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\MeinPC\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (BsFire) -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.) SRV - (BgLiveSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.) SRV - (BgMainSvc) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (O&O DriveLED) -- C:\Program Files\OO Software\DriveLED\oodlag.exe (O&O Software GmbH) SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll (BullGuard Ltd.) 
SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH) ========== Driver Services (SafeList) ========== DRV - (afwcore) -- C:\Windows\System32\drivers\AfwCore.sys (Agnitum Ltd.) DRV - (afw) -- C:\Windows\System32\drivers\Afw.sys (Agnitum Ltd.) DRV - (Trufos) -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\trufos.sys (BitDefender S.R.L.) DRV - (Profos) -- C:\Programme\BullGuard Ltd\BullGuard\Antirootkit\profos.sys (BitDefender S.R.L.) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (enport) -- C:\Windows\System32\drivers\enport.sys () DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (OODrvled) -- C:\Windows\system32\DRIVERS\OODrvled.sys (O&O Software GmbH) DRV - (vdrv9000) -- C:\Windows\System32\drivers\vdrv9000.sys (H+H Software GmbH) DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.) DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) 
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (usbser) -- C:\Windows\System32\drivers\V-usbser.sys (Microsoft Corporation) DRV - (aver7700) -- C:\Windows\System32\drivers\aver7700.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro ) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.01 17:25:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.17 22:50:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 21:58:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.01 17:25:58 | 000,000,000 | ---D | M] [2010.11.28 15:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions [2010.11.28 15:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinPC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.07.10 11:05:33 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\MeinPC\AppData\Roaming\mozilla\Firefox\Profiles\m7429wyw.default\extensions [2010.11.19 21:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.19 21:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.19 21:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.01 17:25:57 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION [2010.11.19 21:57:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll 
(Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NexusServer] C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe () O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) 
O4 - HKCU..\Run: [DriveLED] C:\Programme\OO Software\DriveLED\oodled.exe (O&O Software GmbH) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - 
Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} hxxp://ipcam-252.dyndns.org/AVC_AX_764.cab (CV781Object Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.0.147:65/AVC_AX_742.cab (AMCCtrl Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 192.168.0.200 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c0d333e6-65dc-11e0-9b9c-0040d0a36633}\Shell\AutoRun\command - "" = G:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 11:12:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\MeinPC\Desktop\OTL.exe [2011.04.21 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\Malwarebytes [2011.04.21 19:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.21 19:31:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.21 19:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 19:31:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.21 19:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.20 11:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.04.20 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard [2011.04.20 10:31:58 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.04.19 22:10:09 | 000,000,000 | ---D | C] -- C:\Programme\Spb 
Software House [2011.04.19 21:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard(8567) [2011.04.19 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\BullGuard(9143) [2011.04.19 21:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard(8573) [2011.04.19 21:32:18 | 000,000,000 | ---D | C] -- C:\Programme\BullGuard Ltd(8566) [2011.04.19 17:50:10 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\{327370C5-CD9F-4813-A0C9-82CD3647CE1E} [2011.04.13 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Local\RapidSolution [2011.04.13 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\FILEminimizerPictures [2011.04.13 21:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 2.0 [2011.04.13 21:09:41 | 000,000,000 | ---D | C] -- C:\Programme\FILEminimizer Pictures [2011.04.13 17:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard 9.0 Upgrade [2011.04.13 17:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard(9195) [2011.04.13 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\AppData\Roaming\BullGuard [2011.04.13 17:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard [2011.04.13 17:02:20 | 000,055,504 | ---- | C] (BullGuard Ltd.) 
-- C:\Windows\System32\drivers\BdFileSpy.sys [2011.04.13 17:01:47 | 000,000,000 | ---D | C] -- C:\Programme\BullGuard Ltd [2011.04.12 19:15:09 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\COMIC [2011.04.10 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\100D5000 [2011.04.04 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Desktop\eBayISAPI.dll Tracker-Dateien [2011.03.27 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\MeinPC\Documents\Aquarium [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 10:51:32 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2011.04.22 10:51:23 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 10:51:23 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 10:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 10:50:44 | 1071,718,400 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 10:50:41 | 001,547,724 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2011.04.21 19:31:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 19:29:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\MeinPC\Desktop\OTL.exe [2011.04.20 22:27:29 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.20 22:27:29 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.20 22:27:29 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 22:27:28 | 000,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.20 18:12:35 | 000,010,525 | ---- | M] () -- C:\Users\MeinPC\AppData\Roaming\SmarThruOptions.xml [2011.04.20 18:10:04 | 000,084,994 | ---- | M] () -- C:\Users\MeinPC\Desktop\Melde 20.04.2011 18-08.jpg [2011.04.19 21:44:43 | 000,087,376 | ---- | M] 
(BullGuard Ltd.) -- C:\Windows\System32\BGLsp(9165).dll
[2011.04.15 16:31:51 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile(9199)
[2011.04.13 21:09:43 | 000,000,927 | ---- | M] () -- C:\Users\MeinPC\Desktop\FILEminimizer.lnk
[2011.04.13 17:17:42 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2011.04.13 17:17:42 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2011.04.13 17:17:13 | 000,318,488 | R--- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\AfwCore.sys
[2011.04.13 17:17:13 | 000,029,208 | R--- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\Afw.sys
[2011.04.13 17:04:31 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2011.04.04 19:23:18 | 000,130,908 | ---- | M] () -- C:\Users\MeinPC\Desktop\eBayISAPI.dll Tracker.htm
[2011.04.04 14:47:13 | 000,000,514 | ---- | M] () -- C:\Users\MeinPC\Desktop\20110404144713.kml
[2011.04.03 16:33:41 | 000,028,832 | ---- | M] () -- C:\Users\MeinPC\Documents\trinkwasser_linksrheinisch.pdf
[2011.03.29 21:34:32 | 002,255,511 | ---- | M] () -- C:\Users\MeinPC\Desktop\_DSC0001.JPG
[2011.03.26 20:28:05 | 000,305,597 | ---- | M] () -- C:\Users\MeinPC\Documents\zeitschaltsteckdose REV 2591.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.21 19:31:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.20 18:10:04 | 000,084,994 | ---- | C] () -- C:\Users\MeinPC\Desktop\Melde 20.04.2011 18-08.jpg
[2011.04.20 10:00:19 | 1071,718,400 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.13 21:09:43 | 000,000,927 | ---- | C] () -- C:\Users\MeinPC\Desktop\FILEminimizer.lnk
[2011.04.13 17:04:31 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard.lnk
[2011.04.04 19:23:08 | 000,130,908 | ---- | C] () -- C:\Users\MeinPC\Desktop\eBayISAPI.dll Tracker.htm
[2011.04.04 14:47:13 | 000,000,514 | ---- | C] () -- C:\Users\MeinPC\Desktop\20110404144713.kml
[2011.04.03 16:33:41 | 000,028,832 | ---- | C] () -- C:\Users\MeinPC\Documents\trinkwasser_linksrheinisch.pdf
[2011.03.29 21:30:08 | 002,255,511 | ---- | C] () -- C:\Users\MeinPC\Desktop\_DSC0001.JPG
[2011.03.26 20:28:05 | 000,305,597 | ---- | C] () -- C:\Users\MeinPC\Documents\zeitschaltsteckdose REV 2591.pdf
[2011.01.06 23:33:01 | 000,001,442 | ---- | C] () -- C:\Windows\cqff_c.ini
[2010.12.25 00:57:31 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010.12.24 21:10:39 | 000,000,174 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.12.21 00:38:13 | 000,000,020 | ---- | C] () -- C:\Windows\crackpdf.INI
[2010.11.15 20:21:20 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_AP_H264.dll
[2010.11.15 20:21:20 | 000,018,432 | ---- | C] () -- C:\Windows\System32\AVC_AP_JPEG.dll
[2010.11.15 20:21:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\AVC_AP_SCALE.dll
[2010.11.15 20:21:18 | 000,323,584 | ---- | C] () -- C:\Windows\System32\Deinterlace.dll
[2010.11.15 20:21:10 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_H264.dll
[2010.11.15 20:21:10 | 000,018,432 | ---- | C] () -- C:\Windows\System32\AVC_JPEG.dll
[2010.11.13 23:30:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.12 23:32:55 | 000,000,173 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.10.09 23:18:17 | 000,002,560 | ---- | C] () -- C:\Windows\System32\pavedius.dll
[2010.10.09 23:18:03 | 000,003,072 | ---- | C] () -- C:\Windows\hasp_windows.dll
[2010.08.29 13:55:18 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.11 12:22:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_AX_764_H264.dll
[2010.07.24 12:33:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\gsimrxnp.dll
[2010.07.24 12:33:48 | 000,004,992 | ---- | C] () -- C:\Windows\System32\drivers\enport.sys
[2010.07.15 12:05:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\AVC_AX_764_SCALE.dll
[2010.07.15 11:54:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\AVC_AX_764_JPEG.dll
[2010.07.14 11:24:44 | 000,010,752 | ---- | C] () -- C:\Users\MeinPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 00:23:53 | 000,000,268 | RH-- | C] () -- C:\Users\MeinPC\AppData\Roaming\Chiller
[2010.07.12 00:21:13 | 000,000,268 | RH-- | C] () -- C:\Users\MeinPC\AppData\Roaming\Carbon
[2010.07.12 00:14:47 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.07.12 00:07:09 | 000,010,525 | ---- | C] () -- C:\Users\MeinPC\AppData\Roaming\SmarThruOptions.xml
[2010.07.12 00:06:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010.07.12 00:06:43 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.07.12 00:06:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2010.07.12 00:06:19 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.07.12 00:06:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010.07.12 00:03:31 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.07.12 00:01:28 | 000,086,016 | R--- | C] () -- C:\Windows\WiaInst.exe
[2010.07.12 00:00:49 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2010.07.12 00:00:49 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2010.07.12 00:00:49 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2010.07.12 00:00:49 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2010.07.11 23:59:51 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
[2010.07.11 23:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2010.07.11 18:33:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.11 18:32:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.11 18:32:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.06 21:03:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_H264.dll
[2010.07.06 20:55:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_JPEG.dll
[2010.07.06 20:51:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\AVC_AX_742_SCALE.dll
[2010.06.17 19:07:24 | 000,159,251 | ---- | C] () -- C:\Windows\System32\swscale-0.11.0.dll
[2010.06.17 19:07:24 | 000,070,163 | ---- | C] () -- C:\Windows\System32\avutil-50.19.0.dll
[2010.06.17 19:07:22 | 000,798,739 | ---- | C] () -- C:\Windows\System32\avcodec-52.77.0.dll
[2010.06.17 19:07:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\avformat-52.68.0.dll
[2010.06.11 19:47:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\utf8_2_font.dll
[2008.12.07 13:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,621,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,123,658 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 001,715,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,590,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,102,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BF14D50A
< End of report >

Thanks in advance for getting back to me so quickly. Best regards, jan |
22.04.2011, 12:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My notebook won't shut down after a virus attack Quote:
__________________ Please always post log files in CODE tags |
22.04.2011, 16:39 | #5 |
| My notebook won't shut down after a virus attack I don't have any illegal programs on it. These files are merely stored there and were only on it for examination. I once used them to compare antivirus programs with each other; in doing so I had these files deleted by antivirus programs. I'm surprised that they are still on there. Regards, jan |