| michaelgerol | 29.04.2011 15:47 |
Hallo,
hier die Dateien:
Egebniss des Vollscans aus Malwarebytes:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 6463
Windows 5.1.2600 Service Pack 3, v.3244
Internet Explorer 7.0.5730.13
29.04.2011 16:34:39
mbam-log-2011-04-29 (16-34-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 226495
Laufzeit: 45 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Not selected for removal. Und nun die Ergebnisse von OTL:OTL Logfile: Code:
OTL logfile created on: 29.04.2011 16:38:44 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 160,00 Gb Total Space | 134,43 Gb Free Space | 84,02% Space Free | Partition Type: NTFS
Drive D: | 138,09 Gb Total Space | 88,26 Gb Free Space | 63,92% Space Free | Partition Type: NTFS
Drive H: | 482,74 Mb Total Space | 12,74 Mb Free Space | 2,64% Space Free | Partition Type: FAT
Computer Name: 965P | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\scalc.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe (Hewlett-Packard)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Faktura32\Firebird\bin\fbserver.exe (The Firebird Project)
PRC - C:\Programme\Faktura32\Firebird\bin\fbguard.exe (The Firebird Project)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3244_x-ww_d74fff41\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (easyjob4TaskScheduler) -- C:\Programme\protonic software\easyjob 4.0\protonic.easyjob.TaskScheduler.Service.exe ()
SRV - (easyjob4MobileService) -- C:\Programme\protonic software\easyjob 4.0\protonic.easyjob.mobile.server.service.exe (uIT)
SRV - (easyjob4ScannerService) -- C:\Programme\protonic software\easyjob 4.0\easyjobscannerservice.exe ()
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Faktura32\Firebird\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Faktura32\Firebird\bin\fbguard.exe (The Firebird Project)
SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HPFXFAX) -- C:\WINDOWS\system32\drivers\hpfxfax.sys (Hewlett Packard)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 15:32:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.28 16:46:23 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.16 10:40:16 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2011.01.14 17:30:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.12.14 18:18:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.14 17:30:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2011.04.29 12:34:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\o38e3xqq.default\extensions
[2010.09.09 08:51:51 | 000,000,000 | -H-D | M] (IE Tab) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\o38e3xqq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.04.29 12:34:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.11 22:51:08 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.08 14:26:51 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.28 16:46:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.08 13:48:02 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.08 13:48:02 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.08 13:48:02 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.08 13:48:02 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.08 13:48:02 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.02.18 11:10:36 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPPQVideo] File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Programme\Profi cash\wzed.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.18 10:39:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f82f6f81-710f-11de-a77f-0012bfc4a4d9}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.28 16:46:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.04.28 14:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.04.28 14:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.04.28 14:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.04.28 14:42:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.04.28 14:40:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.04.28 14:40:48 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.28 14:40:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.28 14:40:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.28 14:40:44 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.28 14:40:44 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.28 13:57:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.28 13:53:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2011.04.28 13:33:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.04.28 13:33:18 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.04.28 13:33:15 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.28 13:33:15 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.04.28 13:33:15 | 000,045,416 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.04.28 13:33:15 | 000,022,360 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.04.28 13:32:59 | 000,000,000 | -H-D | C] -- C:\Programme\Avira
[2011.04.28 13:32:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.04.21 10:03:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bilder Kamine
[2011.04.05 11:49:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bilder Voba
[2011.03.30 20:01:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2009.12.21 20:54:33 | 000,127,059 | -H-- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2004.09.08 10:47:52 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.29 16:35:00 | 000,001,104 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 16:35:00 | 000,001,100 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 12:31:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.28 14:40:48 | 000,000,756 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 14:35:57 | 000,000,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.28 14:35:57 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.28 14:33:33 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.28 13:59:01 | 000,001,709 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.28 13:33:40 | 000,001,671 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.28 13:29:20 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.26 12:01:05 | 000,212,942 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung.odt
[2011.04.25 09:13:03 | 000,212,641 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.22 17:15:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.04.20 09:02:29 | 000,004,033 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\74162693.KEY
[2011.04.14 15:41:58 | 000,259,354 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Der Detze rockt.pdf
[2011.04.05 11:18:40 | 000,516,617 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\20010721SVLISSINGEN.SAV
[2011.04.05 10:57:13 | 000,199,317 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Profi cash 1000 0404.sav
[2011.04.01 17:07:25 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.01 17:07:25 | 000,061,960 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.03.30 20:01:01 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.03.30 17:27:46 | 000,002,581 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk
[2011.03.30 16:53:13 | 000,002,581 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2009.lnk
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.28 14:40:48 | 000,000,756 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 14:35:57 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.28 14:35:56 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.28 14:33:33 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.28 13:57:45 | 000,002,347 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2011.04.28 13:57:45 | 000,001,709 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.28 13:33:40 | 000,001,671 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.14 15:44:39 | 000,259,354 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Der Detze rockt.pdf
[2011.04.05 11:18:40 | 000,516,617 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\20010721SVLISSINGEN.SAV
[2011.04.05 10:57:13 | 000,199,317 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Profi cash 1000 0404.sav
[2011.03.30 20:01:01 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.12.31 16:34:44 | 000,199,668 | -H-- | C] () -- C:\WINDOWS\hppins12.dat.temp
[2010.12.31 15:29:11 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2010.12.31 15:27:14 | 000,000,665 | RH-- | C] () -- C:\WINDOWS\System32\hppapr12.dat
[2010.12.31 13:10:57 | 000,194,608 | -H-- | C] () -- C:\WINDOWS\hppins12.dat
[2010.12.31 13:10:57 | 000,007,855 | -H-- | C] () -- C:\WINDOWS\hppmdl12.dat
[2010.10.19 20:52:33 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\steuer2008.INI
[2010.09.06 14:46:39 | 000,071,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.03 21:14:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009.12.02 00:04:15 | 000,009,741 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2009.06.02 09:49:26 | 000,037,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.16 00:09:08 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.24 12:47:56 | 000,003,072 | RH-- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009.03.24 12:47:53 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.24 12:30:29 | 000,315,392 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009.03.24 12:30:29 | 000,295,018 | -H-- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.03.24 12:30:29 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2009.03.20 18:22:32 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009.02.18 15:44:00 | 001,724,416 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.02.18 15:44:00 | 001,657,376 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.02.18 15:44:00 | 001,507,328 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.02.18 15:44:00 | 001,346,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.02.18 15:44:00 | 001,101,824 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.02.18 15:44:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.02.18 15:44:00 | 000,449,056 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.02.18 15:44:00 | 000,436,768 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.02.18 11:15:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.02.18 11:14:36 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.02.18 11:14:36 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009.02.18 10:58:52 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.02.18 10:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.18 10:37:14 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.18 10:33:23 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.18 10:32:28 | 000,177,056 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.16 08:05:30 | 000,079,397 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2006.02.23 13:11:50 | 000,013,778 | -H-- | C] () -- C:\WINDOWS\System32\SELF32.INI
[2004.11.11 13:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.11 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.11 13:00:00 | 000,495,956 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.11 13:00:00 | 000,479,700 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.11 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.11 13:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.11.11 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.11 13:00:00 | 000,097,990 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.11 13:00:00 | 000,085,218 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.11 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.11 13:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.11.11 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.11 13:00:00 | 000,027,440 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.11.11 13:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.11 13:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.11 13:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.11.11 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.08.18 20:45:18 | 000,031,232 | -H-- | C] () -- C:\WINDOWS\System32\cmdow.exe
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 29.04.2011 16:38:44 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 160,00 Gb Total Space | 134,43 Gb Free Space | 84,02% Space Free | Partition Type: NTFS
Drive D: | 138,09 Gb Total Space | 88,26 Gb Free Space | 63,92% Space Free | Partition Type: NTFS
Drive H: | 482,74 Mb Total Space | 12,74 Mb Free Space | 2,64% Space Free | Partition Type: FAT
Computer Name: 965P | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{106AB011-06EE-4EFB-A5F0-C3EFD25D3A69}" = QuickVerein Plus 2010
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20A2D522-7639-4951-8AC4-6C90A82B83B2}" = hpzTLBXFX
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EASYJOB4)
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{473C1ACB-EB1B-4899-AEC7-DE8815758C18}" = Faktura32
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{501E4F62-257C-4FCE-960C-ABA85DC60AB0}" = hppTLBXFXCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5662C158-CA24-4228-BF6C-596FADA08682}" = Camera Support Core Library
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65EBFCFA-B015-4E4C-AD4D-DE65B4F62C4D}" = hppPQVideoCM2320
"{66AED2E9-E9E3-4894-B656-FD552800551F}" = hppManualsCM2320
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A79BA0-4317-4CE6-924C-B0B3175EBEF9}" = hppscanCM2320
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7FEA5EEA-91C7-4387-9585-682A98DE5EB3}" = CAPS
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF0C558D-BB2C-4819-88E1-1921D2BA7E00}" = hppCLJCM2320
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C92CE7AF-B104-4710-8F5C-9F833976D308}" = Schrankplaner
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1901237-60AE-4659-8A07-073588714967}" = hppScanToCM2320
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN-Karte
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.0
"{EF94DF68-3144-4503-8F11-D022D2176E32}" = hppFaxUtilityCM2320
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F32_is1" = Faktura32 - Auftragsverwaltung
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber
"InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}" = Canon Camera Support Core Library
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Profi cash" = Profi cash
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"sv.net" = sv.net
"Tweak UI 2.10" = Tweak UI
"Verbindungsassistent" = Verbindungsassistent
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--- --- --- |
