CrusherFlo | 14.06.2012 09:52 | Hello, thanks for your quick reply. I destroyed the trojan yesterday with the help of the Kaspersky Rescue CD, so I can at least use the computer normally again without safe mode.
Now only my data is still encrypted. As I have read here in the forum, there are apparently 2 different kinds of encryption; mine is the one with the seemingly random sequences of letters, for example: artNsLVvVjpAxOxEDoU
I ran the OTL scan; here are the logfiles:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 14.06.2012 10:33:42 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Florian Spann\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,89% Memory free
5,99 Gb Paging File | 4,85 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,99 Gb Total Space | 156,96 Gb Free Space | 54,50% Space Free | Partition Type: NTFS
Computer Name: FLORIANSPANN-PC | User Name: Florian Spann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Florian Spann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Florian Spann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Users\FLORIA~1\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120613.007\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120613.033\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120613.033\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120531.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NAV\1307010.005\symnets.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1307010.005\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1307010.005\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1307010.005\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NAV\1307010.005\srtspx.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1307010.005\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1307010.005\symds.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=7e0d39d5-2b35-11e1-9dfe-001377f17b49&q={searchTerms}
IE - HKLM\..\SearchScopes\{E1E845EE-44AC-4D5C-BB4E-8C1EC896C6F7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 9C 6D BB 6C BE CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=7e0d39d5-2b35-11e1-9dfe-001377f17b49&q={searchTerms}
IE - HKCU\..\SearchScopes\{17CEFD12-8687-4CAB-9D70-57FC54FEA35D}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{5D8DD86A-1BC2-4979-ABC6-4BBE2BF51055}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{E1E845EE-44AC-4D5C-BB4E-8C1EC896C6F7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB8&ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SSPV=FFOB8&ctid=CT2319825&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB8&ctid=CT2319825&SearchSource=2&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Florian Spann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Florian Spann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.04 12:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.03 16:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.30 14:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 18:34:19 | 000,000,000 | ---D | M]
[2012.01.30 14:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian Spann\AppData\Roaming\mozilla\Extensions
[2012.06.02 17:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian Spann\AppData\Roaming\mozilla\Firefox\Profiles\hhy2aimk.default\extensions
[2012.05.07 14:21:47 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Florian Spann\AppData\Roaming\mozilla\Firefox\Profiles\hhy2aimk.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.03.31 13:32:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Florian Spann\AppData\Roaming\mozilla\Firefox\Profiles\hhy2aimk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.19 20:03:04 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Florian Spann\AppData\Roaming\mozilla\Firefox\Profiles\hhy2aimk.default\extensions\crossriderapp2258@crossrider.com
[2012.05.06 15:45:56 | 000,000,947 | ---- | M] () -- C:\Users\Florian Spann\AppData\Roaming\Mozilla\Firefox\Profiles\hhy2aimk.default\searchplugins\conduit.xml
[2012.03.16 20:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.16 20:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.03 16:46:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\FLORIAN SPANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHY2AIMK.DEFAULT\EXTENSIONS\SOFTWARE@LOADTUBES.COM
[2012.01.30 14:42:16 | 000,048,898 | ---- | M] () (No name found) -- C:\USERS\FLORIAN SPANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HHY2AIMK.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.16 20:01:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.07 14:21:08 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.25 12:53:26 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Florian Spann\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Florian Spann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: YouTube = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Greyscale = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: Google Mail = C:\Users\Florian Spann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.04.20 19:11:42 | 000,002,301 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 25 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Florian Spann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian Spann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian Spann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FE1C6B-A0EC-450F-96C4-D5699CA49021}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2871ffe7-2b2a-11e1-9dfe-001377f17b49}\Shell - "" = AutoRun
O33 - MountPoints2\{2871ffe7-2b2a-11e1-9dfe-001377f17b49}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{2871ffe7-2b2a-11e1-9dfe-001377f17b49}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{2871ffe7-2b2a-11e1-9dfe-001377f17b49}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.14 10:32:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Florian Spann\Desktop\OTL.exe
[2012.06.12 23:26:22 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\Desktop\Entschlüsselung
[2012.06.12 19:15:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.12 17:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 17:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 17:15:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.12 17:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 15:28:44 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012.06.05 19:36:52 | 000,000,000 | R--D | C] -- C:\Users\Florian Spann\Dropbox
[2012.06.05 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.06.05 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\AppData\Roaming\Dropbox
[2012.06.04 09:21:22 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\Desktop\Paul Kalkbrenner
[2012.05.26 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\.pdfsam
[2012.05.26 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.26 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\Florian Spann\AppData\Roaming\Adobe Mini Bridge CS5
========== Files - Modified Within 30 Days ==========
[2012.06.14 10:32:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Florian Spann\Desktop\OTL.exe
[2012.06.14 10:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 10:03:01 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-753706278-2606631050-4122030780-1000UA.job
[2012.06.14 09:59:46 | 001,100,343 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1307010.005\Cat.DB
[2012.06.14 09:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 19:12:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-753706278-2606631050-4122030780-1000Core.job
[2012.06.13 10:55:56 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 10:55:56 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 10:47:55 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 23:09:48 | 000,025,866 | ---- | M] () -- C:\Users\Florian Spann\Desktop\config.xml
[2012.06.12 23:09:15 | 000,062,065 | ---- | M] () -- C:\Users\Florian Spann\Desktop\ransom_file_unlocker.zip
[2012.06.12 17:15:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 09:46:17 | 000,002,399 | ---- | M] () -- C:\Users\Florian Spann\Desktop\Google Chrome.lnk
[2012.06.11 00:16:36 | 000,411,661 | ---- | M] () -- C:\Users\Florian Spann\Desktop\artNsLVvVjpAxOxEDoU
[2012.06.11 00:14:56 | 000,337,686 | ---- | M] () -- C:\Users\Florian Spann\Desktop\ytprLNlVlJAJaLTgVg
[2012.06.11 00:14:32 | 000,064,523 | ---- | M] () -- C:\Users\Florian Spann\Desktop\aOtgsExufEpyUrG
[2012.06.08 17:54:07 | 000,035,093 | ---- | M] () -- C:\Users\Florian Spann\Desktop\sNenevfJpAfgGq
[2012.06.08 17:52:34 | 000,337,686 | ---- | M] () -- C:\Users\Florian Spann\Desktop\VsgqvexXQVOpqDN
[2012.06.05 19:36:52 | 000,001,054 | ---- | M] () -- C:\Users\Florian Spann\Desktop\Dropbox.lnk
[2012.06.05 19:35:46 | 000,001,064 | ---- | M] () -- C:\Users\Florian Spann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.04 09:14:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.04 09:14:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.04 09:14:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.04 09:14:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.25 09:50:17 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012.05.25 09:49:20 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1307010.005\VT20120410.034
========== Files Created - No Company Name ==========
[2012.06.12 23:09:48 | 000,025,866 | ---- | C] () -- C:\Users\Florian Spann\Desktop\config.xml
[2012.06.12 23:09:26 | 000,062,065 | ---- | C] () -- C:\Users\Florian Spann\Desktop\ransom_file_unlocker.zip
[2012.06.12 23:02:00 | 000,879,394 | ---- | C] () -- C:\Users\Florian Spann\Desktop\Chrysanthemum.jpg
[2012.06.12 23:02:00 | 000,845,941 | ---- | C] () -- C:\Users\Florian Spann\Desktop\Desert.jpg
[2012.06.12 23:02:00 | 000,775,702 | ---- | C] () -- C:\Users\Florian Spann\Desktop\Jellyfish.jpg
[2012.06.12 23:02:00 | 000,595,284 | ---- | C] () -- C:\Users\Florian Spann\Desktop\Hydrangeas.jpg
[2012.06.12 17:15:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.05 19:36:52 | 000,001,054 | ---- | C] () -- C:\Users\Florian Spann\Desktop\Dropbox.lnk
[2012.06.05 19:35:46 | 000,001,064 | ---- | C] () -- C:\Users\Florian Spann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.13 22:09:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.04.12 14:40:08 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2012.04.07 12:55:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.03.31 13:54:28 | 000,007,601 | ---- | C] () -- C:\Users\Florian Spann\AppData\Local\Resmon.ResmonCfg
[2012.01.07 14:32:53 | 000,239,051 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.12.19 18:50:33 | 000,017,408 | ---- | C] () -- C:\Users\Florian Spann\AppData\Local\WebpageIcons.db
[2011.04.12 03:30:05 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
< End of report > --- --- ---
And here is the Extras.txt:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 14.06.2012 10:33:42 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Florian Spann\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,89% Memory free
5,99 Gb Paging File | 4,85 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,99 Gb Total Space | 156,96 Gb Free Space | 54,50% Space Free | Partition Type: NTFS
Computer Name: FLORIANSPANN-PC | User Name: Florian Spann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026988CF-14AB-4DAC-9B4E-62B79E3B35FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{075943EE-D7F8-4DE5-AC52-69114133CE3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13DA7375-9021-41B9-BBFC-D27F0BAF03B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{13DD3FF8-3EF4-44DE-AFC7-C0D9FFC6F718}" = lport=137 | protocol=17 | dir=in | app=system |
"{225D131C-7958-48A3-BD6B-F04C65372A4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2D7C878E-AAD7-4BF8-84DC-EA005153EDF7}" = lport=139 | protocol=6 | dir=in | app=system |
"{31553C54-D22E-412D-A4A9-BA03394F78DA}" = rport=445 | protocol=6 | dir=out | app=system |
"{322E0E52-3953-4F48-9A13-145D1DBC8F25}" = rport=10243 | protocol=6 | dir=out | app=system |
"{372948CD-C93E-48E2-8ADC-DE5274144D7E}" = rport=139 | protocol=6 | dir=out | app=system |
"{5B744782-F2D0-44EB-B442-75C53A7C35C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BD39A80-D11A-4E50-A381-BF2906FFED45}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F90D5B2-4EAF-4482-8960-9E1C24B7E791}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81AF30D1-6F25-4FA6-922E-4011C2A6A424}" = rport=137 | protocol=17 | dir=out | app=system |
"{937F5435-4E30-4055-BC94-ADC306FD9908}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AD6ACB9-6504-410D-81FF-B97F9B3B1E6B}" = lport=445 | protocol=6 | dir=in | app=system |
"{ADA49861-38E1-490D-ADB3-C44ADA493FB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB573AA1-B415-40A9-8430-63C6014FA966}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEF91111-D6B7-47FA-A46B-F87A4024E186}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7C8447D-8A34-4BDD-A965-96E736E536E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9A0E18E-0E48-43C6-B4B3-8ADAB43D3BF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9C37D83-FCDD-4E79-A471-AA41494877E3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA199662-4C1F-4430-83AE-2D3F35A9128E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E236717A-CC86-4BDE-AF4E-DA8D9E46D0A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017E9220-A095-4025-8886-96287550550A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F8744EB-299E-40BA-AC27-41D48C6425DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18DDE665-0D3C-43D0-833D-A1F0DCBE810F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{221FCAC0-9C4E-4147-B091-F27448597BB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{249E2D3A-643C-4D42-B027-0B9A840DE7F6}" = dir=in | app=d:\setup\hpznui01.exe |
"{279893CD-C1C0-4881-9EDA-81DE1134A2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{402C974E-290E-4E51-A008-9F894474C07A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{415FD045-B8BC-420E-9AF1-3CFA3A1D83D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4D70FF26-D196-4EFE-90AD-FDA4402A3447}" = protocol=17 | dir=in | app=c:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe |
"{58C522BC-F85A-490F-A052-8216516C3181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{602CA01F-FD10-4D23-B39A-90A7EE73C231}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{6393A59F-806C-46C3-B7B5-C5B6526729C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65005141-E31D-4D55-9832-98093DC504BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A3B3F08-1359-4BE0-8A30-2D5F9525E7EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E4EB0EC-4FA9-4615-ADBD-EC837238B4E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E63F7F8-E07D-43F2-AFC4-341A6F8D94B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8BD6A3AA-BBBA-4943-81CF-5ABC2C2D92F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8F2F9A1A-5DF2-48D1-BA20-678E26AC9FFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9293654B-51B9-434C-9505-B286B3084F32}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A61C861D-4158-45A2-AEAB-FC00EB1F8A14}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{A84CF2F9-6CC3-4F45-806D-38EE817C1205}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AAFA8EEB-8C97-4A88-A35E-94581BCEC002}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{ADAD26C5-6D03-49B6-BC01-3D5E408EAA73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0680123-6089-4787-8323-17264B401150}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDD1BEA2-B4E8-4AFB-A4DB-0A7C957838A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0BE4104-0120-4AF7-9B96-5058C8352028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2C77A29-62F8-47C9-9171-8F93BCCC2CA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBE20287-584E-4706-AB60-D6E6312288FA}" = protocol=6 | dir=in | app=c:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe |
"{D17D95C8-0A91-410C-9E39-7EE05A4E7B39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D731B63E-BBEB-45D0-B8E5-826EC43A9B86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{D7F5BC1A-8A9A-4E2D-9EB4-D78B7F6EB6EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E2BA7E69-065B-4387-A777-A8C4F412F145}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD4D2BA9-2A35-4995-BB0E-5270AD36455D}" = protocol=6 | dir=out | app=system |
"TCP Query User{013188B9-8C6D-4420-8DD0-1A27F2ADDEBD}C:\program files\america's army\system\server.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\server.exe |
"TCP Query User{13070DEB-877C-4D15-9E50-27590F9AF52D}C:\program files\america's army\system\server.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\server.exe |
"TCP Query User{181CEE77-651E-4C58-96BA-D16CF95469B5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4712670B-825F-4B0C-8835-D70C6033536F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{52BFC8B9-4B4E-4D33-BF51-A8C8B10B5265}C:\program files\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\cossacks - back to war\dmcr.exe |
"TCP Query User{660EF649-B623-4FDF-8C2D-FA7A906F0BCF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{7C0DBBD2-895F-41E7-8197-67C3E6CE6D45}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"TCP Query User{7F6BA009-E572-4B1F-9CBE-CD45DB63BA19}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{974ED291-5D74-4CFD-842E-DC77A77BF146}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{9C149684-B35C-4F06-879C-CDE26D8AB1A1}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{A44A1F78-9C86-402A-B608-DA8FC35BAE38}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{AFEE907A-2C61-46C4-9EC3-911DF25603BB}C:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CC8B1491-16D3-492A-AE16-BB8563D4F8A4}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{D54DADF8-F6F2-48FD-9FDB-1457835226C3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E6EB8E59-8464-4078-A26C-95BD50A9F550}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{02693F65-D534-4362-A1AB-A9E1E434CC01}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{376EB670-D593-4998-9442-76056CA1349C}C:\program files\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - back to war\dmcr.exe |
"UDP Query User{4F7648FC-89F5-4752-95DA-4B9C05945ADD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6735FB04-139E-4C40-A189-9F8C2DFECC25}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{6B808A76-EEFD-4309-902D-025043BEF1D0}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{6CABBCCB-3C3F-4D8E-9745-5F2451BC618B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{7ABDC9EB-DFD7-4ED0-98EE-FF602037C0AA}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"UDP Query User{96548E60-28BE-430D-88DC-EAB3F532AE21}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B0A4ED64-2871-4D88-A00A-5400B22EB03B}C:\program files\america's army\system\server.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\server.exe |
"UDP Query User{B4D898F8-F770-4010-86D3-150CB5B0EC1B}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{BC911926-90F6-4E64-9F35-1918781868CB}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{DBF79B9A-7F2E-477E-8C0B-59704E310945}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{E412B9A2-AFEB-4136-B072-DC3C20D6FEB2}C:\program files\america's army\system\server.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\server.exe |
"UDP Query User{E74C3CBB-6A62-4125-9654-4480754ED525}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{EA803A81-3C97-4F4B-A373-667C5F89EC92}C:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\florian spann\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cossacks : Back To War" = Cossacks - Back To War
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"DivX Setup" = DivX-Setup
"facemoods" = Facemoods Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"iLivid" = iLivid
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAV" = Norton AntiVirus
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.4.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.06.2012 13:11:52 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2590349
Error - 13.06.2012 13:11:52 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2590349
Error - 13.06.2012 17:30:55 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.06.2012 17:30:55 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1029
Error - 13.06.2012 17:30:55 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1029
Error - 13.06.2012 17:30:56 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.06.2012 17:30:56 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2043
Error - 13.06.2012 17:30:56 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2043
Error - 13.06.2012 17:30:57 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.06.2012 17:30:57 | Computer Name = FlorianSpann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3307
[ System Events ]
Error - 13.06.2012 17:16:02 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 13.06.2012 17:16:02 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 13.06.2012 17:16:02 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 13.06.2012 17:16:02 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.06.2012 03:56:12 | Computer Name = FlorianSpann-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report > --- --- ---
Regards, Flo |