| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner "TR/Jorik.Banker.bfu"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.08.2012, 15:42
| #1 |
| |  Trojaner "TR/Jorik.Banker.bfu" Scan mit dem OTL-Tool: Inhalt OTL.exe: OTL logfile created on: 17.08.2012 16:25:17 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop\Virus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,98% Memory free 7,73 Gb Paging File | 6,49 Gb Available in Paging File | 84,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,57 Gb Total Space | 397,55 Gb Free Space | 87,84% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 94,91 Mb Free Space | 95,85% Space Free | Partition Type: FAT32 Drive G: | 967,45 Mb Total Space | 849,63 Mb Free Space | 87,82% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\Virus\OTL.exe (OldTimer Tools) PRC - C:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (msiserver) -- C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/br/ie9_startpage IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes,DefaultScope = {5F13BC8E-F65A-4734-8767-40DB7FB1B6F7} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=0D45F4D001CB3BBC00703A05&install_time=2010-08-14T14:22:00Z&src_id=11429&camp_id=-3&tb_version=2.5.15000.521 IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5F13BC8E-F65A-4734-8767-40DB7FB1B6F7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_deDE463 IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{B771E473-3757-429D-B9C0-B2EBEC345744}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyogOLQhIM IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2010.10.02 15:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.10.02 15:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.08.14 21:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found. O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A853B8AE-8103-420B-B79C-D947E0C8DBAF}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.17 16:24:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus [2012.08.14 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2012.08.14 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2012.08.14 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.14 21:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.08.14 21:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.08.14 21:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint [2012.08.14 21:53:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.08.01 19:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTP2 Addons [2012.08.01 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skip-Bo [2012.08.01 16:08:47 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2012.08.01 16:08:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2012.08.01 16:08:47 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2012.08.01 16:08:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2012.08.01 16:08:46 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2012.08.01 16:08:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2012.08.01 16:08:46 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2012.08.01 16:08:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2012.08.01 16:08:46 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2012.08.01 16:08:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2012.08.01 16:08:45 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2012.08.01 16:08:45 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2012.08.01 16:08:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2012.08.01 16:08:45 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2012.08.01 16:08:45 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2012.08.01 16:08:45 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2012.08.01 16:08:45 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2012.08.01 16:08:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2012.08.01 16:08:44 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2012.08.01 16:08:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.08.01 16:08:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2012.08.01 16:08:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.08.01 16:08:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2012.08.01 16:08:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2012.08.01 16:08:43 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2012.08.01 16:08:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.08.01 16:08:43 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2012.08.01 16:08:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2012.08.01 16:08:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2012.08.01 16:08:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2012.08.01 16:08:43 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2012.08.01 16:08:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2012.08.01 16:08:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2012.08.01 16:08:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2012.08.01 16:08:42 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2012.08.01 16:08:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2012.08.01 16:08:42 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2012.08.01 16:08:42 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2012.08.01 16:08:42 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2012.08.01 16:08:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2012.08.01 16:08:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2012.08.01 16:08:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2012.08.01 16:08:41 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2012.08.01 16:08:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2012.08.01 16:08:41 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2012.08.01 16:08:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2012.08.01 16:08:41 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2012.08.01 16:08:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2012.08.01 16:08:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2012.08.01 16:08:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2012.08.01 16:08:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2012.08.01 16:08:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2012.08.01 16:08:40 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2012.08.01 16:08:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2012.08.01 16:08:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2012.08.01 16:08:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2012.08.01 16:08:38 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2012.08.01 16:08:38 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2012.08.01 16:08:38 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2012.08.01 16:08:38 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2012.08.01 16:08:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2012.08.01 16:08:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2012.08.01 16:08:37 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012.08.01 16:08:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012.08.01 16:08:37 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2012.08.01 16:08:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2012.08.01 16:08:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2012.08.01 16:08:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2012.08.01 16:08:37 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2012.08.01 16:08:37 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2012.08.01 16:08:37 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2012.08.01 16:08:37 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2012.08.01 16:08:36 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2012.08.01 16:08:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2012.08.01 16:08:36 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2012.08.01 16:08:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2012.08.01 16:08:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2012.08.01 16:08:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2012.08.01 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen [2012.08.01 16:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen [2012.08.01 16:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Einfach_Spielen [2012.08.01 15:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games [2012.08.01 15:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2012.08.01 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games [2012.07.28 12:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Keseling [2012.07.28 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.07.28 10:47:10 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.07.28 10:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012.07.28 10:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3.4 (de) Installation Files [2012.07.28 09:38:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.07.28 09:38:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.07.27 12:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran [2012.07.27 12:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auran [2012.07.27 09:58:10 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2012.07.27 09:58:10 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2012.07.27 09:58:09 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2012.07.27 09:58:09 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2012.07.27 09:58:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2012.07.27 09:58:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2012.07.27 09:58:09 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2012.07.27 09:58:09 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2012.07.27 09:58:08 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2012.07.27 09:58:08 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2012.07.27 09:58:08 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2012.07.27 09:58:08 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2012.07.27 09:58:07 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2012.07.27 09:58:07 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2012.07.27 09:58:07 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2012.07.27 09:58:07 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2012.07.27 09:58:05 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2012.07.27 09:58:05 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2012.07.27 09:58:05 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2012.07.27 09:58:05 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2012.07.27 09:58:04 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2012.07.27 09:58:04 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2012.07.27 09:58:03 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2012.07.27 09:58:03 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2012.07.27 09:58:03 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2012.07.27 09:58:03 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012.07.27 09:58:02 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2012.07.27 09:58:02 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2012.07.27 09:58:02 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2012.07.27 09:58:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012.07.27 09:58:00 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2012.07.27 09:58:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2012.07.27 09:57:54 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012.07.27 09:57:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012.07.27 09:57:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2012.07.27 09:57:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2012.07.27 09:57:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2012.07.27 09:57:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2012.07.27 09:57:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2012.07.27 09:57:52 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2012.07.27 09:57:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2012.07.27 09:57:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2012.07.27 09:57:51 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2012.07.27 09:57:51 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2012.07.27 09:57:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2012.07.27 09:57:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2012.07.27 09:57:48 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2012.07.27 09:57:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2012.07.27 09:57:46 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2012.07.27 09:57:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2012.07.27 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ShipSim2008 UserData [2012.07.27 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008 [2012.07.27 09:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008 [2012.07.27 09:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstep [2012.07.27 09:42:31 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.17 16:15:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.17 16:15:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.17 16:08:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.17 16:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.17 16:07:55 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2012.08.05 19:03:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 17:48:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.05 17:48:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.02 10:31:11 | 000,397,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.01 16:09:39 | 000,002,167 | ---- | M] () -- C:\Users\***\Desktop\Skip-Bo spielen.lnk [2012.08.01 16:09:39 | 000,001,070 | ---- | M] () -- C:\Users\***\Desktop\Spielkiste.lnk [2012.08.01 15:33:17 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\Chuzzle Deluxe.lnk [2012.07.28 11:47:54 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Starte PTP2.lnk [2012.07.28 11:36:37 | 000,001,249 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dokumente.lnk [2012.07.28 10:49:37 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.07.28 09:55:52 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.27 10:42:54 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 10:31:01 | 000,397,504 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.01 16:02:39 | 000,002,167 | ---- | C] () -- C:\Users\***\Desktop\Skip-Bo spielen.lnk [2012.08.01 16:02:39 | 000,001,070 | ---- | C] () -- C:\Users\***\Desktop\Spielkiste.lnk [2012.08.01 15:33:17 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\Chuzzle Deluxe.lnk [2012.07.28 11:47:54 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Starte PTP2.lnk [2012.07.28 11:36:37 | 000,001,249 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dokumente.lnk [2012.07.28 10:47:10 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.07.27 10:39:50 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk [2012.06.01 15:30:12 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res [2012.01.21 20:06:34 | 000,007,648 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.01.21 18:03:07 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{34C74D91-DC79-4668-9A56-DE0C93EF610E} [2011.10.16 10:58:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.06.29 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{935F87AB-9E0B-4601-A6BB-6493269CD5AD} [2011.06.28 22:48:24 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B0D3D3DE-6E89-48C2-8AB5-198F953F1E4B} [2011.04.21 09:12:06 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml [2011.04.07 20:08:12 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{179E027A-EA4A-43D7-9755-4E4237726C01}.dat [2011.04.07 20:06:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.28 18:05:17 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI [2011.02.28 18:05:15 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI [2010.11.16 21:07:10 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2010.06.09 10:15:52 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.12.09 17:23:13 | 000,050,728 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe ========== LOP Check ========== [2011.10.05 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH [2010.07.19 21:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2012.07.28 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling [2012.06.01 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock [2011.10.16 11:00:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.12.11 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies [2010.11.16 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\newfolder3 [2012.07.28 10:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.08.01 16:11:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skip-Bo [2011.12.15 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Systweak [2010.06.09 10:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.06.03 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2010.10.02 15:48:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.06.01 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs [2010.06.09 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2010.06.09 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.06.01 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm [2010.06.08 13:02:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs [2012.06.03 10:04:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extra.exe OTL Extras logfile created on: 17.08.2012 16:25:17 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop\Virus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,98% Memory free 7,73 Gb Paging File | 6,49 Gb Available in Paging File | 84,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,57 Gb Total Space | 397,55 Gb Free Space | 87,84% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 94,91 Mb Free Space | 95,85% Space Free | Partition Type: FAT32 Drive G: | 967,45 Mb Total Space | 849,63 Mb Free Space | 87,82% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06C5AFD7-6716-4F7F-A245-0045AF853F9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0880D7CE-746D-4E43-A43D-1B4EDB1C8A04}" = lport=137 | protocol=17 | dir=in | app=system | "{093C6D06-AA6F-49D0-8C18-137503C16090}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{09CE5FF5-AC9A-4595-8E6D-83B7E15F7395}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{161504A8-7A3B-422D-9B36-2C74D26A4D95}" = lport=138 | protocol=17 | dir=in | app=system | "{24DE1855-CF98-4C2A-95D3-81B82577F166}" = lport=445 | protocol=6 | dir=in | app=system | "{39608D99-21B9-483A-9F85-1FF4BEB9EE36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41F69079-E624-4527-8061-89A35D445F59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4B0B4204-63AB-414B-88BB-8E12FBB19ECD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5E19BFD7-A06C-4F40-A961-383B3ECBF037}" = lport=139 | protocol=6 | dir=in | app=system | "{60CF3535-E6EB-443F-AB37-D5946D2D0E2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72D981B7-E765-4C46-8DA4-9D513C4B7916}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7385A613-53D1-41AE-8747-7D39AD089986}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{75949792-3E95-4671-ADEE-8D6FEB07971B}" = rport=138 | protocol=17 | dir=out | app=system | "{75B1167E-C124-4870-BBF5-285669728773}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8939AE83-5FE4-4841-B3EF-3C5FAFFDE914}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8A27BAE6-3685-4686-BD91-C3232957C636}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{993367AF-901D-41D3-B237-D1929A0195A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B16339F2-E1FD-476C-9004-55CBF276B46D}" = rport=445 | protocol=6 | dir=out | app=system | "{C2A4F617-3EB7-4BD8-BDF5-38EAD47544AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C3E4BFB3-3D3B-4845-B89E-D9999BD48C33}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7793E4E-6025-468D-957C-7314C149FCF4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E3D4F920-7E64-472E-AF37-87DC34CFD47F}" = rport=137 | protocol=17 | dir=out | app=system | "{FABFCB89-45E1-4D83-A9FE-9090655E9ACD}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F1D4DD-CF08-40A4-827E-F78BF120D927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{060CB373-869D-46E3-AB93-AAB7A6C3931D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{06F8E48B-4D40-407E-BE73-ED9212F02EA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0A1F3A83-B62C-4643-8E5D-06CFDEFF5BA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0A5F44DE-184F-4F04-A008-94573D010976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0BA34352-24F2-4054-9F2F-E8BE2CC8CEFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0C28B34E-9BC6-4CA6-A2C8-34BB6DFA6908}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0CB92FA2-D63A-438C-AD3C-00C2428F0156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0DC73EE7-AB37-45F2-8DF3-1A1029080067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0E009173-FF4B-40D3-8036-C07E940AB589}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{14611795-F5BB-4085-A9CE-C7F53910EB63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{14C297A5-DCEA-434A-BCFF-EB77215D063A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{16E4FF69-9EF7-4493-9063-771E26B68FFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{17E9C09F-E8A4-48E1-BEAB-BEDB62D6E819}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{18D0C82A-3939-4A87-BBA3-83D11FC3824A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{18E336BC-AE4E-4245-BBDD-0928CA112904}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{19F8AFD1-05E6-400D-B66F-D43D620A2105}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1DDBC141-B3B3-4941-92B1-C82EB53C0433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1F578814-167B-4E9F-8EE2-9D7178813D31}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1F7135A9-98AA-4BBE-9A34-C42BAEE70EEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{20DDA71D-F913-4AFE-8F1D-F6F536715DA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{23EC3478-8E26-4CBD-8797-F29EEBDB56E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{25EEC195-D8B7-45CB-BA54-15F7C2E198E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{26A02286-3BB9-4D43-942F-B2736631EC1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{28DB3B27-1002-48B8-B816-4966E6086A81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2B192A49-638E-4A2E-A5D7-5AFC81CC9543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2C6BA934-FEDF-4807-BA05-9141F6379343}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2D4525EA-54DB-438C-89B7-FD17AFEF51E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2E0FD1AD-025C-439B-9C40-4D3317FF975E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2F82A405-8D1E-42EE-9BD6-D7269E0C6763}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "{374B599B-EA34-408C-91EC-1B49D70BA4B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3793847F-86A3-4550-9EA3-BB4B3B89BC2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{37B6A74B-0833-4A01-9C41-49BE1CFD0F34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{37F6C143-8E30-446A-82EE-F5F51E23C5AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{38B1417E-D090-4A9F-90BE-54C99266D797}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{39408085-8D3C-49B8-AFD4-C2E64E3977B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3C2E9A4A-BB77-4B0F-A840-A1B207305996}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "{3C73A0A8-D374-456F-832F-4FACAEEF8F52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{425DE7CB-EC2A-437F-8A2C-71C9695E65E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{43F390AD-5683-4B31-A2AA-95E2261B75A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4697801E-A184-4EE2-955C-32FAD204D1ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{46B9030E-EC91-4629-819D-E00C4C449D7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4D92AFBE-A259-4981-93E6-36680D9BF83D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4F9DF736-411A-4960-8D81-74B5B75AD014}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5262D5BC-B816-416B-9F1A-C84D8FD1EF3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5583EFB4-A7C5-472A-9B65-8A8A132718FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5B280FA9-2292-4879-AF1D-4D0760CE04E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5C3B83D7-B801-4BBC-B3F1-F399739050A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5C500462-3EF1-4B93-A034-1E053E67FBE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5F3ADCB5-DAA8-4526-BC8C-78598C21E1BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{60498124-D9D8-4B64-B959-71A23165583E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{60E5E223-5FB6-4312-983C-7165A353AF34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{62167AFB-FCA8-45CD-9184-190CF25F6DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{621BF43E-8994-4E86-95A3-7943100C00DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{624937F3-94AF-4667-94CE-3142FB400080}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{634529C3-CC90-4E97-B3F4-9F71FCC5E500}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{642A632E-88D7-441E-B82C-14B1F819E705}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{64A42581-5C21-4E1E-93AD-039E7A72DF26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{657DA485-D9CB-4EE7-9C1D-E37C59E65C8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{69675AD0-E171-429F-88EF-8F2EF78B0FC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6FD532D5-5E7B-423C-87C4-F208DBCA905D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{70B14320-18E2-4F8E-9515-122E3BED267E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{71648E14-FE7D-46F3-8340-71733A336D05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{72DF39DA-C18D-4373-A5C3-8BC0C554BE09}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7345D8B8-01BA-4BFA-853D-ADD0F489AC13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{73736C38-0314-468B-B0BD-84C0C7CFC3EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{76852645-7D49-420E-A168-E4F1E32BA901}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{77E85E5A-1900-49B0-8EB6-18BFC14A4522}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7BC468A7-15DA-4C35-B093-F40BDFD1ABBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7BD2DED3-92AA-4A44-BFD1-3B7A4EA468E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8275195D-0FEB-44C0-BEAC-9B54EC05169E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84D63B51-0239-44F8-9954-D9449038B5EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8925BD5E-CA44-4DCB-A8BD-67CF61D3E2B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{89666740-1B0C-4B72-8A65-4C7FD60AA52C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8B7AB338-A84A-4050-AC2D-E8E76C0C67D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8D3ECEBB-A261-4ADF-A92F-D33542A4157A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8DF875C3-14EB-42B8-B100-C5418733F1D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8E02C528-1432-44CC-964D-131AF8E1F778}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8E986E65-6596-401C-8E60-60703F9B8EE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{905C5B58-B788-4808-A8DA-469A5A421A34}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{92B1A7F3-1F56-4458-960E-B9FB7BEED47E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9312ACDD-9EF3-4F46-9232-D02C54958D24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9713EC9F-4D63-453E-820E-3BA12CF2EAB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{97F9EF81-81E9-41CC-BCD8-83DCB5243B55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{98EC9224-986F-4E91-A82C-7B5ECA1B67F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9A243F60-CFD8-4407-B7DA-485F8D0EBEC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9A87948C-5214-4197-B450-90CBBF179E7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9B60D0AA-958F-46CC-A2D9-66E698628623}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A64BFEEC-C11C-4734-8C5F-9E31BA1EACD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A767C07A-7571-4CE6-90EA-094EED814B4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AB589DB6-7515-44F8-8983-7A2623D0D21C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AC79E7D4-65BF-435A-9F15-CCF366A877D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B22DA9C2-9453-4016-85C8-F94ED4138C25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B45861B2-73E3-405F-93C8-7AC93A2470F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B4717B14-3714-4310-B797-E29EA4D1FD05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B4D411FC-0673-49E5-874A-5DF8C1541D28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B50DA95F-B2C4-4284-873F-0B488DE6502F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B54BD2ED-2D5E-4BCA-835F-257D89229669}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BAA21C27-ED68-404B-B22F-497D3C75AB39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BC8D4F5B-87EA-41F4-A624-A422E3AB04B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BDD8CF8F-2296-47AD-B990-90A2DF66CA55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BFF55C80-B216-4D63-A7F6-8DC659176273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C180A2C0-EAB3-4DAE-B6D1-6DF62CC75941}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C2724B2A-3A8E-4CA5-8AE3-F0D4141CEC9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C29860A3-A85B-4A17-BD57-252CDB230CE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C4376F8E-A2E2-4F5F-9887-F49F86F6D2EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C4730B94-E478-49EE-B3BF-F3A87F68C23E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9BD0ECD-288B-4070-9020-A0327586EE1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CE04396D-0193-4563-98F2-4303E004F3DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D13E15FB-3DF3-4F05-B2F1-FADE7B25E8BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D2550A00-E9A3-4C2F-B07D-169FB550B83C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{D517C557-318C-410A-BE85-222624F5D19D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D72AD551-6016-4BCA-AD2F-AF7A56785BCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D7DA5D61-2967-47F3-A2F7-74DD40D3B902}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA033592-3765-4651-A379-2F8BEEB7386D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DBF0DF8E-27FB-46D3-A135-C316DC61EA73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DCABAE0A-4502-4EA1-AF95-8B97DC26FFF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DD32E9E5-6D8B-420F-9259-41677B16CA09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DFDADBF0-F506-4D3C-A670-51DB6C9B7370}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E4F90B0D-41A6-443A-840A-1F1F1911996B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E507A6F4-F230-459D-9540-F6F9B1931E1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E6BA94EE-67FE-430B-A3B1-EA1A1D9C81D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E7569BBF-AE4B-4BB0-AFC2-D0E70A830CB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EB791CA7-29E8-4231-98AF-22D331663BBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EE54A93A-126E-40F5-BC71-ED22DF948F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EFC400B7-36CA-4542-845F-C158110C4C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F280A4A0-A137-4620-9B88-67F5FB8C4511}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F3066157-98BA-4C6A-90C8-2736D4CE2C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F36E5663-356C-4D2C-ABA4-80D0BE67C687}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F666F5C6-ADE5-46DD-A19F-F743C95820ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F673EE5C-78B0-428C-B84A-1F1C8064A61A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F7919610-8459-4959-B316-123CC575CDEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F93A701B-73FF-47C6-86A9-1600F56B366D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB4AE7A4-AE1F-43F7-900B-1FCACBD53715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB556442-93DF-4B5B-B3D9-068E90E3783D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FDD32F18-2CCE-4B30-8E1F-064604E3B100}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{D28ABA61-84C5-47F6-9C2C-2D4360923445}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{F94FA854-B3C8-417A-9B21-BCA33994BA3D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4C3CB2BA-00FA-4303-9B10-D74145B92F04}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{63B8EBD7-1473-4137-BE00-3EE6C55B4716}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French "{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech "{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish "{1350B50D-E596-4C53-A912-5C9F1FC5A6CD}" = ProTrain Perfect 2 - Addon9 Hamburg - Berlin - "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light "{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant "{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C4644E0-7759-4723-8A32-21B45B81D785}" = MAGIX Screenshare "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static "{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish "{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5D1AA42-B24E-4FA3-ABEA-497D0C7C7994}" = ProTrain Perfect 2 - TEE Rheingold - "{A68D2170-1F19-4057-871B-600C03EC7A35}" = ProTrain Perfect 2 - Halle - Berlin - "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print "{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C1C3AE4C-7E56-4E71-B173-ADBBA56147A5}" = MAGIX Speed burnR (MSI) "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common "{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation "{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch "{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AuranTS2009_ptp2_is1" = ProTrain Perfect 2 "Avira AntiVir Desktop" = Avira Free Antivirus "Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132 "CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch "EasyBits Magic Desktop" = Magic Desktop "EPSON Scanner" = EPSON Scan "IncrediMail" = IncrediMail 2.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "Mah Jongg" = Mah Jongg "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "Picasa 3" = Picasa 3 "ShipSim2008" = Schiff-Simulator 2008 "TerraTec Grabby" = TerraTec Grabby V5.09.0813.00 "TomTom HOME" = TomTom HOME 2.8.3.2499 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.03.2012 07:56:53 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:53 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.03.2012 14:30:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.03.2012 13:16:30 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = Error - 18.03.2012 13:18:32 | Computer Name = ***-PC | Source = RasClient | ID = 20227 Description = [ Hewlett-Packard Events ] Error - 01.01.2011 14:02:02 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HPSF bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget) bei System.Windows.Media.MediaContext.RenderMessageHandler(Object resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error - 16.01.2011 06:03:03 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a() Error - 21.04.2011 03:12:05 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041121091202.xml File not created by asset agent Error - 21.04.2011 04:50:45 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041121105043.xml File not created by asset agent Error - 12.05.2011 14:17:55 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051112081753.xml File not created by asset agent Error - 26.07.2011 09:59:25 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071126035922.xml File not created by asset agent Error - 18.10.2011 11:23:24 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000 Description = Error - 16.04.2012 13:46:17 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000 Description = Error - 15.05.2012 17:01:27 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000 Description = Error - 15.05.2012 17:03:31 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2732487) Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753) Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2722913) Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2705219) Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2731847) Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2712808) Error - 17.08.2012 10:20:53 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 17.08.2012 10:20:54 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 17.08.2012 10:23:33 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 17.08.2012 10:23:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. < End of report > Prüft bitte ob noch was zu retten ist. Danke |
|
20.08.2012, 21:16
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner "TR/Jorik.Banker.bfu" Bitte nicht einfach nur beschreibungslos die OTL oder andere Logs reinknallen
__________________Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
| Themen zu Trojaner "TR/Jorik.Banker.bfu" |
| antivir, avira, bho, desktop, error, excel, fehler, firefox, flash player, format, helper, home, iexplore.exe, install.exe, installation, launch, logfile, msiexec.exe, object, origin, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, trojaner, usb 2.0, visual studio, windows |
Linear-Darstellung
