Verschlüsselungs-Trojaner

Bernd-1 · 12.06.2012, 16:44

Hallo zusammen,

habe folgende Email bekommen und ich Vollpfosten habe den Anhang geöffnet.

"Sicher ist es Ihnen entgangen, dass die Zahlungsfrist der nachfolgenden Rechnung abgelaufen ist. Auf zwei Mahnungsschreiben haben Sie auch nicht reagiert.

Ihre Bestellung: Leica MDA VE
Artikelnummer: 2989641962273
Stück: 2
Summe: 629,89 Euro

Aufgrund zusätzlicher Kosten anlässlich des Ausgleichs von Gebührenforderungen erheben wir Mahngebühren und Einschreibegebühren in der Höhe von 10.- Euro inkl. MwSt.

Wir bitten Sie, den ausstehenden Rechnungsbetrag in den nächsten 7 Tagen zu überweisen. Ansonsten sehen wir uns leider gezwungen, ein Betreibungsverfahren in die Wege zu leiten und ein Inkasso Unternehmen für die weiteren Massnahmen zu beauftragen.

Sollte sich dieses Schreiben mit der Bezahlung des ausstehenden Betrags gekreuzt haben, so betrachten Sie dieses Schreiben bitte als gegenstandslos.

Beilagen:
- Rechnung
- Bestellung

Mit besten Grüßen

www.dnet24.de"

Der Anhang ist eine ZIP-Datei (Beilagen-12.06.2012.zip), das ZIP-File enthält eine Datei mit dem Namen "Bestellung Dnet24 GmbH", als Typ steht dort MS-Dos Anwendung, dass ich nicht gesehen habe.

Kurz darauf wechselt der Bildschirm zischen schwarz und den normalen Bildschirm und dann wie unter "http://www.trojaner-board.de/115183-...e-umlauf.html" beschrieben.

Ich habe dann den Rechner im Abgesicherten Modus gestartet und Malwarebytes runtergeladen, installiert und den vollständigen Scan durchlaufen lassen, aber ohne Erfolg, siehe nachfolgendes Log-File.

Wer kann mir helfen?
Vielen Dank im Voraus
Bernd

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Bernd.Harbauer :: P120311DE [Administrator]

Schutz: Deaktiviert

12.06.2012 12:31:27
mbam-log-2012-06-12 (12-31-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401432
Laufzeit: 28 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Bernd.Harbauer\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

kira · 13.06.2012, 20:29

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

3.
► Welche Art und Weise wurden die Daten (Eigene Dateien wie Bilder, Dokumente, Musik etc) bereits verschlüsselt? Kannst Du ein Beispiel nennen? Dateiändung wurden zugefügt (z.B "locked- .wxyz"), oder nach einem Zufallsprinzip besteht ein Dateiname aus Groß und Kleinbuchstaben (wie z.B QsEEUTODXNVqyssQ) andere?
Nämlich manche Varianten lassen sich entschlüsseln, andere wieder leider nicht..

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Bernd-1 · 14.06.2012, 08:51

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
 
Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bernd.Harbauer\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (msoidsvc) -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (ZcfgSvc7) Intel(R) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE:64bit: - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eusapharma10microsoftonlinecom-1.sharepoint.microsoftonline.com/default.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]
 
[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions
[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
File not found (No name found) -- C:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012.03.24 19:42:06 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2012.06.12 12:20:06 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [SignIn] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] Z:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [StarMoneyRunEntry] Y:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernd.Harbauer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: P071207DE ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-my] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.199.1.19 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eusapharma.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A07781-6995-4C3B-B26F-AAFBB4E726F4}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AB5A17-4802-4CDE-991E-7504B158648A}: DhcpNameServer = 10.199.1.19 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 09:32:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.12 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Malwarebytes
[2012.06.12 12:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 12:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.12 11:03:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Zkkym
[2012.06.11 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\PixelPlanet
[2012.06.11 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BCL Technologies
[2012.06.11 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies
[2012.06.11 14:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PixelPlanet
[2012.06.11 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixelPlanet
[2012.06.11 14:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XpressUpdate
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixelPlanet
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PixelPlanet
[2012.06.11 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Downloaded Installations
[2012.06.04 08:50:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.25 11:30:34 | 000,000,000 | --SD | C] -- C:\Users\Bernd.Harbauer\SharePoint-Websites
[2012.05.25 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Deployment
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Apps
[2012.05.23 09:43:26 | 000,000,000 | R--D | C] -- C:\Users\Bernd.Harbauer\Documents\Scanned Documents
[2012.05.23 09:43:26 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Documents\Fax
[2012.05.16 16:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 09:32:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.14 09:30:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.14 09:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 09:30:13 | 455,815,167 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 12:38:00 | 001,648,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.12 12:38:00 | 000,702,546 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.12 12:38:00 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 12:38:00 | 000,150,210 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.12 12:38:00 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 12:29:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:20:06 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.12 12:11:11 | 000,001,264 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk
[2012.06.12 10:57:06 | 000,002,004 | ---- | M] () -- C:\Users\Bernd.Harbauer\Documents\ddUgEeeNpAgtuNL
[2012.06.12 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 14:36:11 | 000,008,598 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\sstysrpvjdtyrpjDTty
[2012.06.11 14:25:43 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PdfEditor.lnk
[2012.06.11 12:05:31 | 000,006,961 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\LLnpxOgauVXAlatV
[2012.06.11 09:49:35 | 000,006,538 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.10 09:57:41 | 000,340,577 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\OggATssqVDOduNynDjdtN
[2012.06.10 09:46:59 | 000,177,576 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\ssesNJJxAueqpD
[2012.06.05 13:55:51 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.04 08:50:22 | 537,270,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.03 12:06:58 | 000,381,768 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\VeernJDDsQfrXddqqnx
[2012.05.31 16:09:10 | 000,038,400 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\DllgotqVrXDOsyNLADO
[2012.05.30 11:36:00 | 000,023,303 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\tttyfDjUssVVOO
[2012.05.30 11:35:52 | 000,108,579 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\eeotqVLDOAorXLGOQorq
[2012.05.30 11:34:10 | 000,025,005 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\oootNXJDGAotXJGOu
[2012.05.30 11:33:48 | 000,130,571 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\jjOTQsrqfJOUEr
[2012.05.30 11:33:15 | 000,025,031 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\dUTQsrpfnDaEtpv
[2012.05.30 11:28:54 | 000,022,492 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNNypGGuQryvGAUEeqfDT
[2012.05.30 00:07:42 | 000,032,256 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\UUdeNXVlGuQtrlDOAesf
[2012.05.29 23:30:18 | 000,015,607 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\alxjdetffnOjoeqXnOTE
[2012.05.29 11:29:33 | 000,011,388 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNrLpUdQQrNxdotu
[2012.05.29 11:14:33 | 000,001,022 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 11:14:29 | 000,001,008 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Dropbox.lnk
[2012.05.24 12:17:10 | 000,041,758 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\daTQErpVvlTQspJnjaue
[2012.05.23 16:31:30 | 000,053,055 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\EootNXJDxAEsXJxgu
[2012.05.22 11:48:32 | 000,712,578 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\QQQqVLGvlgQsrx
[2012.05.21 15:05:30 | 000,022,123 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
 
========== Files Created - No Company Name ==========
 
[2012.06.12 12:29:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:11:11 | 000,001,264 | ---- | C] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk
[2012.06.11 14:25:43 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PdfEditor.lnk
[2012.06.04 08:50:22 | 537,270,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.21 15:05:28 | 000,022,123 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.04.20 13:18:29 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.04.20 13:18:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.04.12 22:29:52 | 000,207,504 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2012.04.12 22:29:52 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2012.03.30 14:02:18 | 000,194,333 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.03.30 14:02:18 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2012.03.27 14:20:10 | 000,251,296 | ---- | C] () -- C:\Windows\hpwins14.dat
[2012.03.27 14:20:10 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2012.03.23 22:40:36 | 000,007,617 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Local\Resmon.ResmonCfg
[2012.03.06 09:44:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.06 09:44:22 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.06 09:44:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.06 09:44:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.06 09:44:16 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.06 08:37:45 | 000,006,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.06 08:37:24 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.03.06 08:34:09 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012.03.06 08:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.02.11 19:45:27 | 001,648,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
 
Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041216D5-4258-4E73-B076-0F4A0A01964D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15B97CAD-E0C4-40A0-8EB2-DACF7767743D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{15E1FEB6-712B-4D46-84E9-F1982A17F75E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1A4D09CF-FEAB-469B-BF35-D4DA194247E1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{287FBDE0-CD5C-4FCD-ABF2-77D7C2330F7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{322953AE-6EDC-4246-8CBA-1DC76EC2D1DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{325B6675-7931-4DD1-9951-DF1C6E937C03}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35DE23DE-A137-44E8-BE75-D6A112F404F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42FE75F4-FA1A-4390-8B9B-EE944B92FD22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3987CF-DF15-4DF2-A9A8-C749A3AB65FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6266B149-309B-4148-99FA-053665A59929}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E95D92C-E4F0-40BF-844D-57DCE820CC44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7BEE9F51-CBB9-4359-B946-1EE5EDD8D844}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{82D0581B-3BE6-4438-BCEE-3B4001C2B125}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{89352922-3AE4-4F6C-8020-AA88B9758FE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A4C3F36-9DF0-4806-B2F8-B489CED46A58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F783F9E-B9AD-4EDB-BB3F-EF7E484783AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9B63CF9E-BE89-4628-985D-D3517BFE1594}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8817B35-B183-44F3-AB23-7592718EAB8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B395F02C-B46C-4EFB-B2F6-B674731650E8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B73E5735-8884-4E9D-8329-B6B912396047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA8F9822-63AD-4222-8281-057B283ABDC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50E6BF5-CD6F-494D-9E17-816EEC4B1C39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EADBD2A2-66CC-4121-AB3E-C2DF07B2454F}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{EFC80117-8BD5-46D7-96D7-F22258C67781}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F51EB8B0-73DF-4C36-845D-49BE09FF396B}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0046D805-077E-4895-8D20-53D7E3E89DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{1A17DD44-9449-48DE-AD13-99298B30454C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1ADDA5D5-4504-4A07-924F-B22FD3F99BEB}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{1BF77DA7-3FFF-412A-9ABA-17D59DD7E5A7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1C3EB954-A245-466C-A632-C5B43D35C414}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | 
"{235B0CA6-4FC6-4376-B655-906429D01210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{290134E7-8ECC-48C4-9947-F0B660AC463A}" = protocol=17 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | 
"{32756192-F5C8-4472-AC70-44A27C9A7433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{376FC229-A31C-49BA-90C0-12CAD7689F62}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3AAC0948-9D3E-4A38-A479-2B1934B63D25}" = protocol=6 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | 
"{3BB376DA-AC9D-4585-B6B2-5E125450AF1F}" = protocol=17 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | 
"{3F284F9B-1F82-43DA-9F98-9741D91BF789}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{3F542613-5CAD-4985-A90C-09205376681C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B825FB5-EB95-4012-A690-C5A0E56A62AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4FB3CF77-2E76-4A0B-BF52-F51758E768D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51166809-2266-4F7E-8370-6FEDCDE367E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{8ab2ac00-afff-4043-83d9-0086528b337f}\setup\hpznui40.exe | 
"{576EC08B-C2C7-443D-B49E-D305000B4FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5BC021C6-41E1-4D02-86DF-085FA3871129}" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{61055D3C-4991-40CA-BED8-8B886B00FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{623E52F4-9A50-4325-A7AE-1A022F56FA70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{629E0758-D0C6-435E-9A7F-EDEE88A54CD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{687D68A1-5DC9-4C4C-92E5-262175EC3040}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{72515F6A-1256-45B1-8290-6FC1582B74E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{762AB393-DFDF-4312-85BC-20ACD2792350}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | 
"{78486C69-E9F2-4AE7-8354-EA83924374CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D8C14C6-3CF3-416E-B074-397B45964DB5}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{894A81F2-791A-495D-ACD5-2BF3F218CD71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{8A6D8C27-4E77-4F59-B247-309BA6DA719A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{8E27F28C-4058-4F1C-BEF1-0CB29A3D201B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{900D4D64-864B-4DCE-A689-FBC7CBD93EDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{961335C7-EB7C-4A78-8DAC-10F3A1D23603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{9750DB09-E1E0-48A1-85DF-E79DA6792B1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{9BE7AD07-E998-48A6-8498-433FA7B648D9}" = protocol=6 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | 
"{9E6EB922-A50D-4272-9FB1-884752FC0E69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{AB8023B2-06A1-4DA3-86CC-8CA6A25534CB}" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B048577B-4E18-4A1B-A3D4-1CBE60EA1B9D}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | 
"{B131E0CF-C46A-48DF-9774-FE34E0F164D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B5172A8C-0415-4FFF-8B22-13E6C6E34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{B5AA5FD7-32A1-4683-BEBE-1CAF42405B63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA0BBA30-A99C-4035-A9FD-751D0FD9F86D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{CB1D72AB-1E1F-4B1D-A9EA-A7E272EE8B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{CD04B681-0979-4E79-8892-E8A30F82E25C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{DDB27D0F-511F-4DA0-9EFC-BC1276C54038}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | 
"{E6AB08C2-9767-494F-9A7E-4612C67D4BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E79BF45B-78AF-4BB7-BCDF-240656E20311}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{ECD7A766-5984-4605-A8ED-EC994A68EC82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{EE8FD3E3-C809-485A-988B-FFC01953302A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{FB003E39-2290-4D62-8E69-E432A457B7D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"TCP Query User{1F77745D-97D4-41A3-B9A7-6BF781668F34}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | 
"TCP Query User{E179228E-3B0B-4765-8DB9-4D0A1A06C0BD}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F3EC6B0E-3DCA-45DC-AA58-6501AC07AA13}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1C4BCED8-B869-4BE4-BA7C-4ABBD70021F4}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | 
"UDP Query User{3F747353-DFA2-4EAE-AE0A-EA8F076160EA}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{47D1EF0E-C747-44CB-82C9-A631C6C6902A}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (64bit)
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (64bit)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services-Anmeldeassistent
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2DD32D6C-86C2-4C56-9DB8-289E53E16827}" = StarMoney Business 5.0 
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DA5C1DF-B2BA-4A08-93F2-9D058EBDC4DB}" = StarMoney Business 4.0 
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729C02AB-6C49-4DFB-8E48-680702F4836F}" = NetSchafkopf
"{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Foxit Reader" = Foxit Reader
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 10
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 12
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 13
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
 
[ System Events ]
Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 10.06.2012 03:46:52 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 10.06.2012 03:47:56 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne EUSAPHARMA aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 10.06.2012 04:01:08 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1537.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 11.06.2012 02:08:19 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne EUSAPHARMA aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 11.06.2012 02:12:14 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 11.06.2012 02:17:19 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 11.06.2012 03:48:09 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 11.06.2012 05:48:34 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
 
Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bernd.Harbauer\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (msoidsvc) -- C:\Programme\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (ZcfgSvc7) Intel(R) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE:64bit: - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKLM\..\SearchScopes\{26B460B7-E076-4932-BAE4-6C88A26CDE8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://eusapharma10microsoftonlinecom-1.sharepoint.microsoftonline.com/default.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {26B460B7-E076-4932-BAE4-6C88A26CDE8F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:1.9a9pre
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.12 22:32:33 | 000,000,000 | ---D | M]
 
[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions
[2012.03.25 18:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd.Harbauer\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
File not found (No name found) -- C:\PROGRAM FILES (X86)\XXXL_KUECHENPLANER\PRISM\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012.03.24 19:42:06 | 000,032,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2012.06.12 12:20:06 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [SignIn] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] Z:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [StarMoneyRunEntry] Y:\app\OflAgent.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bernd.Harbauer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: P071207DE ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-my] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.199.1.19 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eusapharma.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A07781-6995-4C3B-B26F-AAFBB4E726F4}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AB5A17-4802-4CDE-991E-7504B158648A}: DhcpNameServer = 10.199.1.19 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 09:32:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.12 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Malwarebytes
[2012.06.12 12:29:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 12:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.12 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.12 11:03:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Zkkym
[2012.06.11 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\PixelPlanet
[2012.06.11 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BCL Technologies
[2012.06.11 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BCL Technologies
[2012.06.11 14:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PixelPlanet
[2012.06.11 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixelPlanet
[2012.06.11 14:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XpressUpdate
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixelPlanet
[2012.06.11 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PixelPlanet
[2012.06.11 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Downloaded Installations
[2012.06.04 08:50:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.25 11:30:34 | 000,000,000 | --SD | C] -- C:\Users\Bernd.Harbauer\SharePoint-Websites
[2012.05.25 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Deployment
[2012.05.25 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\AppData\Local\Apps
[2012.05.23 09:43:26 | 000,000,000 | R--D | C] -- C:\Users\Bernd.Harbauer\Documents\Scanned Documents
[2012.05.23 09:43:26 | 000,000,000 | ---D | C] -- C:\Users\Bernd.Harbauer\Documents\Fax
[2012.05.16 16:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 09:32:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd.Harbauer\Desktop\OTL.exe
[2012.06.14 09:30:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.06.14 09:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 09:30:13 | 455,815,167 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 16:25:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 12:38:00 | 001,648,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.12 12:38:00 | 000,702,546 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.12 12:38:00 | 000,657,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 12:38:00 | 000,150,210 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.12 12:38:00 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 12:29:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:20:06 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.12 12:11:11 | 000,001,264 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk
[2012.06.12 10:57:06 | 000,002,004 | ---- | M] () -- C:\Users\Bernd.Harbauer\Documents\ddUgEeeNpAgtuNL
[2012.06.12 10:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 14:36:11 | 000,008,598 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\sstysrpvjdtyrpjDTty
[2012.06.11 14:25:43 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PdfEditor.lnk
[2012.06.11 12:05:31 | 000,006,961 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\LLnpxOgauVXAlatV
[2012.06.11 09:49:35 | 000,006,538 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.10 09:57:41 | 000,340,577 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\OggATssqVDOduNynDjdtN
[2012.06.10 09:46:59 | 000,177,576 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\ssesNJJxAueqpD
[2012.06.05 13:55:51 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.04 08:50:22 | 537,270,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.03 12:06:58 | 000,381,768 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\VeernJDDsQfrXddqqnx
[2012.05.31 16:09:10 | 000,038,400 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\DllgotqVrXDOsyNLADO
[2012.05.30 11:36:00 | 000,023,303 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\tttyfDjUssVVOO
[2012.05.30 11:35:52 | 000,108,579 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\eeotqVLDOAorXLGOQorq
[2012.05.30 11:34:10 | 000,025,005 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\oootNXJDGAotXJGOu
[2012.05.30 11:33:48 | 000,130,571 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\jjOTQsrqfJOUEr
[2012.05.30 11:33:15 | 000,025,031 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\dUTQsrpfnDaEtpv
[2012.05.30 11:28:54 | 000,022,492 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNNypGGuQryvGAUEeqfDT
[2012.05.30 00:07:42 | 000,032,256 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\UUdeNXVlGuQtrlDOAesf
[2012.05.29 23:30:18 | 000,015,607 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\alxjdetffnOjoeqXnOTE
[2012.05.29 11:29:33 | 000,011,388 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\NNrLpUdQQrNxdotu
[2012.05.29 11:14:33 | 000,001,022 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 11:14:29 | 000,001,008 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\Dropbox.lnk
[2012.05.24 12:17:10 | 000,041,758 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\daTQErpVvlTQspJnjaue
[2012.05.23 16:31:30 | 000,053,055 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\EootNXJDxAEsXJxgu
[2012.05.22 11:48:32 | 000,712,578 | ---- | M] () -- C:\Users\Bernd.Harbauer\Desktop\QQQqVLGvlgQsrx
[2012.05.21 15:05:30 | 000,022,123 | ---- | M] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
 
========== Files Created - No Company Name ==========
 
[2012.06.12 12:29:56 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 12:11:11 | 000,001,264 | ---- | C] () -- C:\Users\Bernd.Harbauer\Desktop\Spybot - Search & Destroy.lnk
[2012.06.11 14:25:43 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PdfEditor.lnk
[2012.06.04 08:50:22 | 537,270,287 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.21 15:05:28 | 000,022,123 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.04.20 13:18:29 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.04.20 13:18:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.04.12 22:29:52 | 000,207,504 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2012.04.12 22:29:52 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2012.03.30 14:02:18 | 000,194,333 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.03.30 14:02:18 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2012.03.27 14:20:10 | 000,251,296 | ---- | C] () -- C:\Windows\hpwins14.dat
[2012.03.27 14:20:10 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2012.03.23 22:40:36 | 000,007,617 | ---- | C] () -- C:\Users\Bernd.Harbauer\AppData\Local\Resmon.ResmonCfg
[2012.03.06 09:44:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.06 09:44:22 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.06 09:44:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.06 09:44:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.06 09:44:16 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.06 08:37:45 | 000,006,538 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.06 08:37:24 | 000,000,572 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.03.06 08:34:09 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012.03.06 08:34:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.02.11 19:45:27 | 001,648,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.06.2012 09:34:51 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernd.Harbauer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 80.59% Memory free
11.80 Gb Paging File | 10.68 Gb Available in Paging File | 90.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 338.32 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive N: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive P: | 243.40 Gb Total Space | 127.42 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
Drive Y: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
Drive Z: | 111.69 Gb Total Space | 64.07 Gb Free Space | 57.37% Space Free | Partition Type: NTFS
 
Computer Name: P120311DE | User Name: Bernd.Harbauer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041216D5-4258-4E73-B076-0F4A0A01964D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15B97CAD-E0C4-40A0-8EB2-DACF7767743D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{15E1FEB6-712B-4D46-84E9-F1982A17F75E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1A4D09CF-FEAB-469B-BF35-D4DA194247E1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{287FBDE0-CD5C-4FCD-ABF2-77D7C2330F7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{322953AE-6EDC-4246-8CBA-1DC76EC2D1DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{325B6675-7931-4DD1-9951-DF1C6E937C03}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35DE23DE-A137-44E8-BE75-D6A112F404F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42FE75F4-FA1A-4390-8B9B-EE944B92FD22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3987CF-DF15-4DF2-A9A8-C749A3AB65FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6266B149-309B-4148-99FA-053665A59929}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E95D92C-E4F0-40BF-844D-57DCE820CC44}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7BEE9F51-CBB9-4359-B946-1EE5EDD8D844}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{82D0581B-3BE6-4438-BCEE-3B4001C2B125}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{89352922-3AE4-4F6C-8020-AA88B9758FE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A4C3F36-9DF0-4806-B2F8-B489CED46A58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F783F9E-B9AD-4EDB-BB3F-EF7E484783AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9B63CF9E-BE89-4628-985D-D3517BFE1594}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8817B35-B183-44F3-AB23-7592718EAB8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B395F02C-B46C-4EFB-B2F6-B674731650E8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B73E5735-8884-4E9D-8329-B6B912396047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA8F9822-63AD-4222-8281-057B283ABDC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E50E6BF5-CD6F-494D-9E17-816EEC4B1C39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EADBD2A2-66CC-4121-AB3E-C2DF07B2454F}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{EFC80117-8BD5-46D7-96D7-F22258C67781}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F51EB8B0-73DF-4C36-845D-49BE09FF396B}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0046D805-077E-4895-8D20-53D7E3E89DED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{1A17DD44-9449-48DE-AD13-99298B30454C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1ADDA5D5-4504-4A07-924F-B22FD3F99BEB}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{1BF77DA7-3FFF-412A-9ABA-17D59DD7E5A7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1C3EB954-A245-466C-A632-C5B43D35C414}" = protocol=17 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | 
"{235B0CA6-4FC6-4376-B655-906429D01210}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{290134E7-8ECC-48C4-9947-F0B660AC463A}" = protocol=17 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | 
"{32756192-F5C8-4472-AC70-44A27C9A7433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{376FC229-A31C-49BA-90C0-12CAD7689F62}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3AAC0948-9D3E-4A38-A479-2B1934B63D25}" = protocol=6 | dir=in | app=\\p071207de\starmoney\app\starmoney.exe | 
"{3BB376DA-AC9D-4585-B6B2-5E125450AF1F}" = protocol=17 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | 
"{3F284F9B-1F82-43DA-9F98-9741D91BF789}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\ouservice\starmoneyonlineupdate.exe | 
"{3F542613-5CAD-4985-A90C-09205376681C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B825FB5-EB95-4012-A690-C5A0E56A62AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4FB3CF77-2E76-4A0B-BF52-F51758E768D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51166809-2266-4F7E-8370-6FEDCDE367E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{8ab2ac00-afff-4043-83d9-0086528b337f}\setup\hpznui40.exe | 
"{576EC08B-C2C7-443D-B49E-D305000B4FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5BC021C6-41E1-4D02-86DF-085FA3871129}" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{61055D3C-4991-40CA-BED8-8B886B00FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{623E52F4-9A50-4325-A7AE-1A022F56FA70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{629E0758-D0C6-435E-9A7F-EDEE88A54CD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{687D68A1-5DC9-4C4C-92E5-262175EC3040}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{72515F6A-1256-45B1-8290-6FC1582B74E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{762AB393-DFDF-4312-85BC-20ACD2792350}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | 
"{78486C69-E9F2-4AE7-8354-EA83924374CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D8C14C6-3CF3-416E-B074-397B45964DB5}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{894A81F2-791A-495D-ACD5-2BF3F218CD71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{8A6D8C27-4E77-4F59-B247-309BA6DA719A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{8E27F28C-4058-4F1C-BEF1-0CB29A3D201B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{900D4D64-864B-4DCE-A689-FBC7CBD93EDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{961335C7-EB7C-4A78-8DAC-10F3A1D23603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{9750DB09-E1E0-48A1-85DF-E79DA6792B1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{9BE7AD07-E998-48A6-8498-433FA7B648D9}" = protocol=6 | dir=in | app=\\p071207de\starmoney\ouservice\starmoneyonlineupdate.exe | 
"{9E6EB922-A50D-4272-9FB1-884752FC0E69}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{AB8023B2-06A1-4DA3-86CC-8CA6A25534CB}" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B048577B-4E18-4A1B-A3D4-1CBE60EA1B9D}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | 
"{B131E0CF-C46A-48DF-9774-FE34E0F164D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B5172A8C-0415-4FFF-8B22-13E6C6E34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{B5AA5FD7-32A1-4683-BEBE-1CAF42405B63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA0BBA30-A99C-4035-A9FD-751D0FD9F86D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{CB1D72AB-1E1F-4B1D-A9EA-A7E272EE8B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{CD04B681-0979-4E79-8892-E8A30F82E25C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{DDB27D0F-511F-4DA0-9EFC-BC1276C54038}" = protocol=6 | dir=in | app=\\p071207de\starmoney business 5.0\app\starmoney.exe | 
"{E6AB08C2-9767-494F-9A7E-4612C67D4BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E79BF45B-78AF-4BB7-BCDF-240656E20311}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{ECD7A766-5984-4605-A8ED-EC994A68EC82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{EE8FD3E3-C809-485A-988B-FFC01953302A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{FB003E39-2290-4D62-8E69-E432A457B7D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"TCP Query User{1F77745D-97D4-41A3-B9A7-6BF781668F34}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | 
"TCP Query User{E179228E-3B0B-4765-8DB9-4D0A1A06C0BD}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F3EC6B0E-3DCA-45DC-AA58-6501AC07AA13}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1C4BCED8-B869-4BE4-BA7C-4ABBD70021F4}C:\program files (x86)\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cutesoft\netschafkopf\netschk.exe | 
"UDP Query User{3F747353-DFA2-4EAE-AE0A-EA8F076160EA}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{47D1EF0E-C747-44CB-82C9-A631C6C6902A}C:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bernd.harbauer\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{B8E88489-A304-45F1-9717-242035DE167D}" = PixelPlanet PdfPrinter 6 (64bit)
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (64bit)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
"{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}" = Microsoft Online Services-Anmeldeassistent
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2DD32D6C-86C2-4C56-9DB8-289E53E16827}" = StarMoney Business 5.0 
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DA5C1DF-B2BA-4A08-93F2-9D058EBDC4DB}" = StarMoney Business 4.0 
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729C02AB-6C49-4DFB-8E48-680702F4836F}" = NetSchafkopf
"{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney
"{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services Sign In
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Foxit Reader" = Foxit Reader
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 10
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 11
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 12
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 13
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
 
Error - 23.05.2012 12:33:12 | Computer Name = P120311DE.eusapharma.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
 
[ System Events ]
Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 10.06.2012 03:44:50 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 10.06.2012 03:46:52 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 10.06.2012 03:47:56 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne EUSAPHARMA aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 10.06.2012 04:01:08 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1537.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 11.06.2012 02:08:19 | Computer Name = P120311DE.eusapharma.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne EUSAPHARMA aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 11.06.2012 02:12:14 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 11.06.2012 02:17:19 | Computer Name = P120311DE.eusapharma.local | Source = TermService | ID = 1067
Description = 
 
Error - 11.06.2012 03:48:09 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 11.06.2012 05:48:34 | Computer Name = P120311DE.eusapharma.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
 
< End of report >

--- --- ---

Hier die installierten SW aus CCleaner:

7-Zip 9.20 (x64 edition) Igor Pavlov 13.03.2012 4.53MB 9.20.00.0
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 05.05.2012 6.00MB 11.2.202.235
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 13.03.2012 121.0MB 10.1.2
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 13.03.2012 11.6.4.634
Apple Application Support Apple Inc. 22.03.2012 61.0MB 2.1.7
Apple Mobile Device Support Apple Inc. 22.03.2012 24.9MB 5.1.1.4
Apple Software Update Apple Inc. 22.03.2012 2.38MB 2.1.3.127
Bonjour Apple Inc. 22.03.2012 2.04MB 3.0.0.10
CCleaner Piriform 22.05.2012 3.19
CDBurnerXP CDBurnerXP 20.03.2012 17.2MB 4.4.0.2971
cyberJack Base Components REINER SCT 19.04.2012 6.9.13
Dell Touchpad ALPS ELECTRIC CO., LTD. 05.03.2012 7.1208.101.125
Dropbox Dropbox, Inc. 28.05.2012 1.4.7
Foxit Reader Foxit Corporation 19.04.2012 11.2MB 4.3.1.118
HP Customer Participation Program 13.0 HP 11.04.2012 13.0
HP Imaging Device Functions 13.0 HP 11.04.2012 13.0
HP Officejet J4500 Series HP 29.03.2012 13.0
HP OfficeJet J6400 HP 11.04.2012 13.0
HP Smart Web Printing 4.51 HP 11.04.2012 4.51
HP Solution Center 13.0 HP 11.04.2012 13.0
HP Update Hewlett-Packard 11.04.2012 3.73MB 4.000.011.006
Intel(R) Processor Graphics Intel Corporation 06.03.2012 8.15.10.2418
Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 05.03.2012 120.5MB 14.00.20110
iPhone Backup Extractor Reincubate Ltd 28.03.2012 2.82MB 3.3.6.0
iTunes Apple Inc. 22.03.2012 156.9MB 10.6.0.40
Java(TM) 7 Update 1 (64-bit) Oracle 05.03.2012 93.3MB 7.0.10
Java(TM) 7 Update 3 Oracle 27.03.2012 97.5MB 7.0.30
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 11.06.2012 18.0MB 1.61.0.1400
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.02.2011 38.8MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.02.2011 52.0MB 4.0.30319
Microsoft Lync 2010 Microsoft Corporation 25.04.2012 133.6MB 4.0.7577.4087
Microsoft Office Home and Business 2010 Microsoft Corporation 11.03.2012 14.0.6029.1000
Microsoft Online Services Sign In Microsoft Corporation 13.03.2012 9.03MB 1.0.1427.40
Microsoft Online Services-Anmeldeassistent Microsoft Corporation 24.05.2012 6.11MB 7.250.4287.0
Microsoft Security Essentials Microsoft Corporation 26.04.2012 4.0.1526.0
Microsoft Silverlight Microsoft Corporation 15.05.2012 50.7MB 5.1.10411.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.03.2012 0.29MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 05.03.2012 0.61MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 05.03.2012 0.77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 13.03.2012 0.23MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11.03.2012 0.77MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.03.2012 0.58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.03.2012 0.22MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11.03.2012 0.59MB 9.0.30729.6161
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.03.2012 1.28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11.03.2012 1.33MB 4.20.9876.0
NetSchafkopf CuteSoft 29.03.2012 18.7MB 1.0.71
O2Micro Flash Memory Card Windows Driver O2Micro International LTD. 05.03.2012 5.00MB 3.0.07.23
OCR Software by I.R.I.S. 13.0 HP 11.04.2012 13.0
PDFCreator Frank Heindörfer, Philip Chinery 29.03.2012 1.3.2
PdfEditor (64bit) PixelPlanet 10.06.2012 61.9MB 1.0
PixelPlanet PdfPrinter 6 (64bit) PixelPlanet 10.06.2012 50.8MB 6.03.23
QuickTime Apple Inc. 22.03.2012 73.3MB 7.71.80.42
Shop for HP Supplies HP 11.04.2012 13.0
Skype Click to Call Skype Technologies S.A. 01.04.2012 8.78MB 5.10.9560
Skype™ 5.8 Skype Technologies S.A. 01.04.2012 19.0MB 5.8.158
Spybot - Search & Destroy Safer Networking Limited 11.06.2012 1.6.2
StarMoney Business 4.0 Star Finanz GmbH 20.04.2012 4.0
StarMoney Business 5.0 Star Finanz GmbH 20.04.2012 5.0
T-Mobile Internet Manager T-Mobile D 22.03.2012 11.301.05.17.55
Yahoo! Toolbar 11.04.2012

Bernd-1 · 14.06.2012, 09:00

Hallo,

die Dateien wurden nach einem Zufallsprinzip mit Groß- und Kleinbuchstaben verschlüsselt.

Gruß
Bernd

kira · 14.06.2012, 09:19

1.
Spybot - deinstallieren!

1.
Hast Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt?:

Zitat:

O15 - HKLM\..Trusted Domains: P071207DE ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([eusapharma10-my] https in Trusted sites)

wenn nicht, füge alle 015 Einträge auch noch in das OTL-Textfeld ein! (nach ""033 Einträge, vor ":Files")

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [REBOOT]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [CAA41A07] C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe (vagite sarti)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077de-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{3c7077e0-78db-11e1-8087-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4884bf4f-74fe-11e1-9594-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{8ccad532-7808-11e1-814d-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell - "" = AutoRun
O33 - MountPoints2\{faf94ba3-7446-11e1-816f-d067e5460030}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

:Files
C:\Users\Bernd.Harbauer\Zkkym\uuugkwjb.exe 
C:\Users\Bernd.Harbauer\Zkkym
ipconfig /flushdns /c
:Commands
[REBOOT]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Die einzige Chance deine Daten wiederherzustellen:
(Während der Aktion den Rechner vom Internet und Netzwerk trennen!)
-> Daten wiederherstellen mit ShadowExplorer

kann ich Dir nur viel Glück wünschen

► auf jeden Fall melde dich und berichte ob es Dir gelingen ist die Daten wieder herzustellen?

damit das nochmal nicht passiert, wie vermeide ich Datenverlust:
► Da sieht man wieder einmal wie wichtig ist, um die regelmäßige Sicherung (wichtigen Daten) zu kümmern
Denk daran: dein Hauptsystem ist doch kein Lagerhalle!
Wichtige Daten Regelmäßig sichern, am besten 2x an verschiedenen Orten!
- Externe Geräte (Festplatte USB-Stick etc) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
E-Mail-Anhang - Öffne keine E-Mail-Anhänge (Attachments), wenn du den Absender nicht kennst!
-> Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen. Mailprogramm grundsätzlich so einstellen

Bernd-1 · 14.06.2012, 09:46

Danke und viele Grüße

Hi,

also ich kann den Laptop wieder verwenden.
Es ist aber kein Textdokument nach dem Neustart erschienen.
Wenn ich den Shadow-Explorer öffne, erscheint nur ein Fenster, bei dem C: ausgewählt ist, aber keine Daten erscheinen.
Gruß
Bernd

kira · 14.06.2012, 13:25

wenn die Schattenkopien deaktiviert oder wegen wenig Speicherplatz alles vom System gelöscht wurde, dann wird`s damit leider nicht mehr

hast Du die Video-Anleitung angesehen wie es geht?

► Welche Art und Weise wurden die Daten (Eigene Dateien wie Bilder, Dokumente, Musik etc) bereits verschlüsselt? Kannst Du ein Beispiel nennen? Dateiändung wurden zugefügt (z.B "locked- .wxyz"), oder nach einem Zufallsprinzip besteht ein Dateiname aus Groß und Kleinbuchstaben (wie z.B QsEEUTODXNVqyssQ) andere?
Nämlich manche Varianten lassen sich entschlüsseln, andere wieder leider nicht..

Verschlüsselungs-Trojaner

Log-Analyse und Auswertung: Verschlüsselungs-Trojaner