
Log analysis and evaluation: Live Security Platinum


03.09.2012, 21:49   #1
GuM
 

Live Security Platinum



Hello everyone,

after I received very good help here not long ago, I need help once again. This time it has hit my sister: she has caught the Live Security Platinum virus. My brother-in-law has already run Avira and the computer apparently works again, but I have now run OTL and Malwarebytes as well anyway, because I don't trust the calm.

Here are the logs:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Thomas :: EINSTEIN-8400 [Administrator]

03.09.2012 20:04:20
mbam-log-2012-09-03 (20-04-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377448
Laufzeit: 45 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


OTL logfile created on: 03.09.2012 19:56:01 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = E:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,65% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 86,07% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 73,24 Gb Total Space | 25,27 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
Drive E: | 392,51 Gb Total Space | 254,01 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
Drive F: | 122,85 Mb Total Space | 122,85 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: EINSTEIN-8400 | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
PRC - E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - E:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - E:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - E:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - E:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - E:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - E:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - E:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - E:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - E:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wfvie12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wsteu12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wgui12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wcore12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wauff12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wreli12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\phononrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll ()
MOD - E:\WINDOWS\system32\msdmo.dll ()
MOD - E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - E:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- E:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- E:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (NeroMediaHomeService.4) -- E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- E:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (LightScribeService) -- E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Capture Device Service) -- E:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- E:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (FirebirdServerMAGIXInstance) -- E:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (WDICA) --  File not found
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Changer) --  File not found
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- E:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- E:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- E:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (atksgt) -- E:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- E:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hwdatacard) -- E:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IntcAzAudAddService) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (seehcri) -- E:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (GTUQBUS) -- E:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- E:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (AmdLLD) -- E:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (s117obex) -- E:\WINDOWS\system32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- E:\WINDOWS\system32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) -- E:\WINDOWS\system32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) -- E:\WINDOWS\system32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) -- E:\WINDOWS\system32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- E:\WINDOWS\system32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) -- E:\WINDOWS\system32\drivers\s117bus.sys (MCCI Corporation)
DRV - (elUsbU142CardBus) -- E:\WINDOWS\system32\drivers\elu142.sys (Elan Digital Systems Ltd)
DRV - (elDiag) -- E:\WINDOWS\system32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (LMouKE) -- E:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- E:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- E:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie8_startpage
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - E:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes,DefaultScope = {E9231B5E-4062-4031-8C99-2380218CD709}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{92D6BBF6-B2ED-49B5-BAAC-4CE0E1767B4C}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{E3A83A13-EAD7-427B-AA1A-83CB68922077}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{E9231B5E-4062-4031-8C99-2380218CD709}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: E:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: E:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.17 18:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: E:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.04.24 20:18:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
 
O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - E:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] E:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] E:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] E:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] E:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] E:\Programme\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] E:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [WinSys2] E:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [1und1Dispatcher] E:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [Sony PC Companion] E:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [Steam] E:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://photoservice.fujicolor.eu/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229060297769 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229060171565 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9839C3-B925-4D4E-A1E7-A7E6419FE2DF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.11 20:05:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.09.03 19:36:44 | 000,000,000 | ---- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{2112d368-bbc2-11de-8820-001d92f423c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2112d368-bbc2-11de-8820-001d92f423c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2112d368-bbc2-11de-8820-001d92f423c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2112d369-bbc2-11de-8820-001d92f423c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2112d369-bbc2-11de-8820-001d92f423c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2112d369-bbc2-11de-8820-001d92f423c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{227544d6-2dab-11e1-8bb3-001d92f423c0}\Shell - "" = AutoRun
O33 - MountPoints2\{227544d6-2dab-11e1-8bb3-001d92f423c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{227544d6-2dab-11e1-8bb3-001d92f423c0}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{56b94feb-c79f-11de-8823-001d92f423c0}\Shell - "" = AutoRun
O33 - MountPoints2\{56b94feb-c79f-11de-8823-001d92f423c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{56b94feb-c79f-11de-8823-001d92f423c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6c3b787e-409f-11df-8874-001d92f423c0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c3b787e-409f-11df-8874-001d92f423c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c3b787e-409f-11df-8874-001d92f423c0}\Shell\AutoRun\command - "" = H:\laucher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.09.03 19:18:09 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Malwarebytes
[2012.09.03 19:18:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2012.09.03 19:18:03 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware
[2012.09.03 19:18:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.03 19:17:43 | 000,599,040 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2012.09.03 19:17:40 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Dokumente und Einstellungen\Thomas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.21 10:13:43 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.09.03 19:18:04 | 000,000,756 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.03 19:12:24 | 000,599,040 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2012.09.03 19:11:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Dokumente und Einstellungen\Thomas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.03 19:01:00 | 000,000,342 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012.09.03 18:55:46 | 000,013,736 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012.09.03 18:55:22 | 000,001,669 | ---- | M] () -- E:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 6510 series.lnk
[2012.09.03 18:55:04 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012.08.24 20:40:01 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At2.job
[2012.08.24 20:15:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At3.job
[2012.08.21 10:10:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At1.job
[2012.08.18 19:53:15 | 000,248,696 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.17 11:11:18 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012.08.16 17:11:07 | 000,001,703 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.08.15 14:00:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At4.job
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.09.03 19:18:04 | 000,000,756 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.24 20:13:37 | 000,000,057 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2012.02.16 21:01:00 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2012.01.14 21:11:05 | 000,293,992 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.14 21:11:04 | 000,293,992 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.14 21:11:04 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
[2012.01.14 21:10:30 | 002,784,050 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
[2011.12.19 20:41:19 | 000,819,200 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2011.12.19 20:41:19 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2010.10.17 18:12:52 | 000,566,964 | ---- | C] () -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\mdbu.bin
[2008.09.28 18:43:40 | 000,024,576 | ---- | C] () -- E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.08.24 20:37:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2012.05.26 19:10:20 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009.11.15 12:25:39 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.12.21 22:09:01 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clone.AD
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010.07.18 19:40:35 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2009.01.16 21:11:52 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2009.08.09 21:36:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2008.08.06 21:21:16 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.01.19 20:56:49 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2009.01.16 21:12:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.03.09 09:38:48 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2009.01.16 21:15:01 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2009.10.18 10:45:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.10.18 10:45:51 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2008.07.19 18:56:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2011.02.08 19:56:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ancient Quest of Saqqarah__intenium
[2009.03.29 11:17:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service
[2009.06.25 15:53:55 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service GmbH
[2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\GetRightToGo
[2012.04.20 01:22:28 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Image Zone Express
[2008.08.31 14:59:39 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InterTrust
[2008.07.11 20:38:38 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Leadertech
[2008.09.28 18:34:18 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\MAGIX
[2009.01.16 21:22:26 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ulead Systems
[2008.07.19 19:00:10 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Vodafone
[2012.08.21 10:10:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At1.job
[2012.08.24 20:40:01 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At2.job
[2012.08.24 20:15:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At3.job
[2012.08.15 14:00:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At4.job
 
========== Purity Check ==========
 
 

< End of report >


HTML-Code:
OTL Extras logfile created on: 03.09.2012 19:56:01 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = E:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,65% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 86,07% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 73,24 Gb Total Space | 25,27 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
Drive E: | 392,51 Gb Total Space | 254,01 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
Drive F: | 122,85 Mb Total Space | 122,85 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: EINSTEIN-8400 | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\UBISOFT\Prince of Persia\Prince of Persia.exe" = E:\Programme\UBISOFT\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft)
"E:\Programme\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe" = E:\Programme\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft)
"E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe" = E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4 -- (Nero AG)
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"E:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = E:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe" = E:\Programme\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
"E:\Programme\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe" = E:\Programme\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe" = E:\Programme\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0812B697-3B0A-4392-B975-E415FC16C71E}" = HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3AA1CB3C-F146-4340-AF8C-E97845A22629}" = C5300
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}" = MotionDV STUDIO 6.0E LE for DV
"{4D41364A-E965-42E0-AD5B-9D53FBBAAC62}" = Postermaker Software - 2008 Special Edition in Oncology
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = SweetMovieLife 1.1E
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5FF598DB-F2D0-461B-A97D-506D31BA5373}" = BCL easyPDF COM
"{61eb02e1-76e4-4522-a145-62ef1b10eb8c}" = Nero MediaHome 4 Trial
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73401390-0363-4FBE-853F-51F6F2D657B8}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Schiffe Versenken - Karibik Edition
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{83C4CC25-EEFA-4E9F-A428-E1764266442E}" = PS_AIO_04_C5300_Software_Min
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94C5F3DC-7891-42BA-8F14-1D689DD972B7}" = Kartendesigner - Einladung & Party
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{995A7F95-907E-4C25-8A2A-39CDCB7EC69C}" = Nero BackItUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5C4115-57A5-4B30-B103-3DDF65FB5034}" = Nero BackItUp
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{acc36eed-6027-4e0a-8c06-7b0b3cbaf204}" = Nero 9
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AD1CB74F-C528-440B-90F8-2AD35C9B09F1}" = Nero MediaHome 4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C05DB3EA-72D9-4EF0-9D19-B0864AF582A5}" = WISO Haushaltsbuch 2009
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (deu)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E1A1B9-35A5-46F7-A4B1-9467828AAE6E}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F219234A-8D39-4D99-A77D-AE97A6FBD198}" = Nero MediaHome 4 Help
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{fd7e1360-a30e-42cb-bcf0-8c0a3af5a70b}" = Nero BackItUp 4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AskTBar Uninstall" = Ask Toolbar
"avi.NET 3.5.1.0" = avi.NET 3.5.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"elDiag" = U142 Diagostics Port Driver
"elUsbU142CardBus" = U142 Adapter Driver
"Firebird SQL Server D" = Firebird SQL Server (D)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Interaktiver Atlas der Blickdiagnostik" = Interaktiver Atlas der Blickdiagnostik
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX MP3 Maker Centurion D" = MAGIX MP3 Maker Centurion (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Perry Rhodan_is1" = Perry Rhodan
"QuickTime 3.0" = QuickTime 3.0
"Saqqarah" = Saqqarah
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 57900" = Duke Nukem Forever
"Super Nautica Special" = Super Nautica Special
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Universal Media Player" = Universal Media Player
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X3-Reunion2.0.02DE_is1" = X3: Reunion v2.0.02
"X3TerranConflict_is1" = X3 Terran Conflict v1.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.07.2012 14:21:12 | Computer Name = EINSTEIN-8400 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 21.08.2012 04:18:57 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005.
 
Error - 21.08.2012 04:33:51 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 04:34:57 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 04:36:42 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 05:21:39 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 14:03:21 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 21.08.2012 14:22:45 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 21.08.2012 14:42:00 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 24.08.2012 13:49:52 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
[ System Events ]
Error - 24.08.2012 14:11:33 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.08.2012 14:11:34 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Nero
 BackItUp Scheduler 4.0.
 
Error - 24.08.2012 14:11:34 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 24.08.2012 14:11:35 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero MediaHome 4 Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%5
 
Error - 24.08.2012 14:18:03 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7034
Description = Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 24.08.2012 14:23:59 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 24.08.2012 14:30:05 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 25.08.2012 14:51:24 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 27.08.2012 12:47:52 | Computer Name = EINSTEIN-8400 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 02.09.2012 02:48:50 | Computer Name = EINSTEIN-8400 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
 
< End of report >

04.09.2012, 22:16   #2
Larusso
/// Selecta Jahrusso

My name is Daniel and I will be helping you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.
  • If I do not receive a reply from you to this or any later post within 3 days, I will remove the topic from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install or uninstall any software unless asked to.
  • Post the log files directly in your thread and not as attachments unless you have been asked to. Attachments make the analysis harder for me.
Note: If you have not heard from me for 48 hours, please send me a PM. Annoying "when will this continue" messages will result in your topic being closed. I have a life away from the PC too.



Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.

Start Combofix.exe and follow the instructions on the screen.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. Simply follow the instructions and accept the end user license agreement.
    With today's malware this is highly recommended, because it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
Note: If it is already installed, Combofix will continue with the malware removal.


When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

06.09.2012, 18:09   #3
GuM

Hello,

thanks for the help. Here is the log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-06.02 - Thomas 06.09.2012  18:47:16.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1309 [GMT 2:00]
ausgeführt von:: e:\dokumente und einstellungen\Thomas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\dokumente und einstellungen\Thomas\WINDOWS
E:\install.exe
e:\programme\INSTALL.LOG
e:\windows\IsUn0407.exe
e:\windows\system32\dllcache\dlimport.exe
e:\windows\system32\WinSys.exe
e:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 16:39 . 2012-09-06 16:39	--------	d-----w-	e:\windows\LastGood
2012-09-06 16:36 . 2012-09-06 16:36	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Sun
2012-09-04 17:28 . 2012-09-04 17:28	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Temp
2012-09-03 19:15 . 2012-09-03 19:15	--------	d-----w-	e:\programme\Gemeinsame Dateien\Java
2012-09-03 19:14 . 2012-09-03 19:14	93672	----a-w-	e:\windows\system32\WindowsAccessBridge.dll
2012-09-03 19:11 . 2012-09-03 19:11	73416	----a-w-	e:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 19:11 . 2012-09-03 19:11	696520	----a-w-	e:\windows\system32\FlashPlayerApp.exe
2012-09-03 17:18 . 2012-09-03 17:18	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Anwendungsdaten\Malwarebytes
2012-09-03 17:18 . 2012-09-03 17:18	--------	d-----w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-21 08:13 . 2012-08-24 18:37	--------	d-----w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 19:14 . 2012-05-05 16:07	821736	----a-w-	e:\windows\system32\npdeployJava1.dll
2012-09-03 19:14 . 2012-05-05 16:07	143872	----a-w-	e:\windows\system32\javacpl.cpl
2012-07-06 13:59 . 2007-10-29 12:00	78336	----a-w-	e:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-07-11 18:01	139784	----a-w-	e:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2007-10-29 12:00	1866240	----a-w-	e:\windows\system32\win32k.sys
2012-07-02 17:39 . 2007-10-29 12:00	916992	----a-w-	e:\windows\system32\wininet.dll
2012-07-02 17:39 . 2007-10-29 12:00	43520	------w-	e:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2007-10-29 12:00	1469440	------w-	e:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2007-10-29 12:00	385024	------w-	e:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "e:\programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-01-16 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38	154216	----a-w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12	1600616	----a-w-	e:\programme\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "e:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "e:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programme\Steam\Steam.exe" [2012-08-10 1353080]
"1und1Dispatcher"="e:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-06-08 223600]
"Sony PC Companion"="e:\programme\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinSys2"="e:\windows\system32\winsys2.exe" [2007-10-30 208896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Nero MediaHome 4"="e:\programme\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-08-29 3622184]
"NBKeyScan"="e:\programme\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-08-29 2254120]
"UVS11 Preload"="e:\programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"hpqSRMon"="e:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="e:\programme\QuickTime\QTTask.exe" [2007-06-29 286720]
"Adobe Photo Downloader"="e:\programme\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"AVMWlanClient"="e:\programme\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"amd_dc_opt"="e:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HP Software Update"="e:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="e:\programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"nwiz"="e:\programme\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"SunJavaUpdateSched"="e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
e:\dokumente und einstellungen\Thomas\Startmenü\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - e:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Tintenwarnungen überwachen - HP Photosmart 6510 series.lnk - e:\windows\system32\RunDll32.exe [2007-10-29 33792]
.
e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - e:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - e:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-11 692224]
WISO Mein Steuer-Sparbuch heute.lnk - e:\programme\WISO\Steuersoftware 2012\mshaktuell.exe [2012-1-29 1380464]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Programme\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Programme\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Programme\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"e:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"e:\\Programme\\Steam\\Steam.exe"=
"e:\\Programme\\Steam\\SteamApps\\common\\duke nukem forever\\System\\DukeForever.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programme\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [11.01.2012 23:37 36000]
R2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [11.01.2012 23:37 86224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [05.05.2012 18:38 2348352]
R3 FWLANUSB;AVM FRITZ!WLAN;e:\windows\system32\drivers\fwlanusb.sys [30.07.2010 20:01 265088]
R3 Sony PC Companion;Sony PC Companion;e:\programme\Sony\Sony PC Companion\PCCService.exe [25.05.2011 15:06 155320]
S3 avmeject;AVM Eject;e:\windows\system32\drivers\avmeject.sys [30.07.2010 20:01 4352]
S3 elDiag;U142 Diagostics Port Driver;e:\windows\system32\drivers\FTD2XX.sys [15.07.2008 21:06 34639]
S3 elUsbU142CardBus;U142 Adapter Driver;e:\windows\system32\drivers\elu142.sys [15.07.2008 21:06 114176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\magix\Common\Database\bin\fbserver.exe [06.08.2008 21:21 1527900]
S3 GTUQBUS;GT UQ BUS;e:\windows\system32\drivers\gtuqbus.sys [19.07.2008 19:01 37120]
S3 seehcri;Sony Ericsson seehcri Device Driver;e:\windows\system32\drivers\seehcri.sys [09.10.2010 12:50 27632]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	e:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
2012-08-21 e:\windows\Tasks\At1.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-03 e:\windows\Tasks\At2.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-03 e:\windows\Tasks\At3.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-08-15 e:\windows\Tasks\At4.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-04 e:\windows\Tasks\HP Photo Creations Messager.job
- e:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - e:\programme\WEB.DE Toolbar\IE\uitb.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - e:\windows\ISUN0407.EXE
AddRemove-QuickTime 3.0 - e:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-06 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-09-06  18:53:46
ComboFix-quarantined-files.txt  2012-09-06 16:53
.
Vor Suchlauf: 11 Verzeichnis(se), 271.691.034.624 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 272.510.918.656 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 820A1C2CB01026A19A6D3925E8935B58
         
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-09-06  18:53:46
ComboFix-quarantined-files.txt  2012-09-06 16:53
.
Vor Suchlauf: 11 Verzeichnis(se), 271.691.034.624 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 272.510.918.656 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 820A1C2CB01026A19A6D3925E8935B58
         
--- --- ---
__________________

06.09.2012, 18:14   #4
Larusso
/// Selecta Jahrusso

Live Security Platinum




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" (Erkennung von eventuell unerwünschten Anwendungen) and select the following settings.
  • Click Start (Starten).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

06.09.2012, 18:14   #5
GuM

Live Security Platinum



Hello,

thanks for the help. Here is the log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-06.02 - Thomas 06.09.2012  18:47:16.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1309 [GMT 2:00]
ausgeführt von:: e:\dokumente und einstellungen\Thomas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\dokumente und einstellungen\Thomas\WINDOWS
E:\install.exe
e:\programme\INSTALL.LOG
e:\windows\IsUn0407.exe
e:\windows\system32\dllcache\dlimport.exe
e:\windows\system32\WinSys.exe
e:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 16:39 . 2012-09-06 16:39	--------	d-----w-	e:\windows\LastGood
2012-09-06 16:36 . 2012-09-06 16:36	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Sun
2012-09-04 17:28 . 2012-09-04 17:28	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Temp
2012-09-03 19:15 . 2012-09-03 19:15	--------	d-----w-	e:\programme\Gemeinsame Dateien\Java
2012-09-03 19:14 . 2012-09-03 19:14	93672	----a-w-	e:\windows\system32\WindowsAccessBridge.dll
2012-09-03 19:11 . 2012-09-03 19:11	73416	----a-w-	e:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 19:11 . 2012-09-03 19:11	696520	----a-w-	e:\windows\system32\FlashPlayerApp.exe
2012-09-03 17:18 . 2012-09-03 17:18	--------	d-----w-	e:\dokumente und einstellungen\Thomas\Anwendungsdaten\Malwarebytes
2012-09-03 17:18 . 2012-09-03 17:18	--------	d-----w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-21 08:13 . 2012-08-24 18:37	--------	d-----w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 19:14 . 2012-05-05 16:07	821736	----a-w-	e:\windows\system32\npdeployJava1.dll
2012-09-03 19:14 . 2012-05-05 16:07	143872	----a-w-	e:\windows\system32\javacpl.cpl
2012-07-06 13:59 . 2007-10-29 12:00	78336	----a-w-	e:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-07-11 18:01	139784	----a-w-	e:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2007-10-29 12:00	1866240	----a-w-	e:\windows\system32\win32k.sys
2012-07-02 17:39 . 2007-10-29 12:00	916992	----a-w-	e:\windows\system32\wininet.dll
2012-07-02 17:39 . 2007-10-29 12:00	43520	------w-	e:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2007-10-29 12:00	1469440	------w-	e:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2007-10-29 12:00	385024	------w-	e:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "e:\programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-01-16 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38	154216	----a-w-	e:\dokumente und einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12	1600616	----a-w-	e:\programme\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "e:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "e:\programme\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programme\Steam\Steam.exe" [2012-08-10 1353080]
"1und1Dispatcher"="e:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-06-08 223600]
"Sony PC Companion"="e:\programme\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"WinSys2"="e:\windows\system32\winsys2.exe" [2007-10-30 208896]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Nero MediaHome 4"="e:\programme\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-08-29 3622184]
"NBKeyScan"="e:\programme\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-08-29 2254120]
"UVS11 Preload"="e:\programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"hpqSRMon"="e:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="e:\programme\QuickTime\QTTask.exe" [2007-06-29 286720]
"Adobe Photo Downloader"="e:\programme\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"AVMWlanClient"="e:\programme\avmwlanstick\wlangui.exe" [2009-05-07 1904640]
"amd_dc_opt"="e:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="e:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"HP Software Update"="e:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="e:\programme\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"nwiz"="e:\programme\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"SunJavaUpdateSched"="e:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="e:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
e:\dokumente und einstellungen\Thomas\Startmenü\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - e:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Tintenwarnungen überwachen - HP Photosmart 6510 series.lnk - e:\windows\system32\RunDll32.exe [2007-10-29 33792]
.
e:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - e:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - e:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-11 692224]
WISO Mein Steuer-Sparbuch heute.lnk - e:\programme\WISO\Steuersoftware 2012\mshaktuell.exe [2012-1-29 1380464]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Programme\\UBISOFT\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Programme\\UBISOFT\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Programme\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"e:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"e:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"e:\\Programme\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"e:\\Programme\\Steam\\Steam.exe"=
"e:\\Programme\\Steam\\SteamApps\\common\\duke nukem forever\\System\\DukeForever.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programme\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [11.01.2012 23:37 36000]
R2 AntiVirSchedulerService;Avira Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [11.01.2012 23:37 86224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [05.05.2012 18:38 2348352]
R3 FWLANUSB;AVM FRITZ!WLAN;e:\windows\system32\drivers\fwlanusb.sys [30.07.2010 20:01 265088]
R3 Sony PC Companion;Sony PC Companion;e:\programme\Sony\Sony PC Companion\PCCService.exe [25.05.2011 15:06 155320]
S3 avmeject;AVM Eject;e:\windows\system32\drivers\avmeject.sys [30.07.2010 20:01 4352]
S3 elDiag;U142 Diagostics Port Driver;e:\windows\system32\drivers\FTD2XX.sys [15.07.2008 21:06 34639]
S3 elUsbU142CardBus;U142 Adapter Driver;e:\windows\system32\drivers\elu142.sys [15.07.2008 21:06 114176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\magix\Common\Database\bin\fbserver.exe [06.08.2008 21:21 1527900]
S3 GTUQBUS;GT UQ BUS;e:\windows\system32\drivers\gtuqbus.sys [19.07.2008 19:01 37120]
S3 seehcri;Sony Ericsson seehcri Device Driver;e:\windows\system32\drivers\seehcri.sys [09.10.2010 12:50 27632]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	e:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\programme\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
2012-08-21 e:\windows\Tasks\At1.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-03 e:\windows\Tasks\At2.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-03 e:\windows\Tasks\At3.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-08-15 e:\windows\Tasks\At4.job
- e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-09-04 e:\windows\Tasks\HP Photo Creations Messager.job
- e:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - e:\programme\WEB.DE Toolbar\IE\uitb.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - e:\windows\ISUN0407.EXE
AddRemove-QuickTime 3.0 - e:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-06 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-09-06  18:53:46
ComboFix-quarantined-files.txt  2012-09-06 16:53
.
Vor Suchlauf: 11 Verzeichnis(se), 271.691.034.624 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 272.510.918.656 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 820A1C2CB01026A19A6D3925E8935B58
         
--- --- ---


06.09.2012, 18:27   #6
Larusso
/// Selecta Jahrusso

Live Security Platinum



How many more times?

Continue here:
http://www.trojaner-board.de/123432-...tml#post909819

10.09.2012, 21:16   #7
Larusso
/// Selecta Jahrusso

Live Security Platinum



No response
This thread has been removed from my subscriptions, so I will not receive notifications about new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else: please click here and create your own thread.
__________________
Regards, Daniel


12.09.2012, 16:50   #8
GuM

Live Security Platinum



And here is the ESET log:

HTML-Code:
E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\7a20265b-10fc9a0d	multiple threats
E:\Programme\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application
E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application
E:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL	Win32/Toolbar.MyWebSearch application
Operating memory	multiple threats

Greetz GuM

13.09.2012, 14:35   #9
Larusso
/// Selecta Jahrusso

Live Security Platinum



Any remaining problems?


Please start OTL.exe.
Under Extra Registry, select Use Safe List and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.
__________________
Regards, Daniel


13.09.2012, 18:01   #10
GuM

Live Security Platinum



Hello,

The computer is running stably; no problems are apparent.

Here are the logs:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.09.2012 18:16:14 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = E:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,93% Memory free
3,85 Gb Paging File | 3,18 Gb Available in Paging File | 82,72% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 73,24 Gb Total Space | 25,26 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Drive E: | 392,51 Gb Total Space | 253,51 Gb Free Space | 64,59% Space Free | Partition Type: NTFS
 
Computer Name: EINSTEIN-8400 | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - E:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
PRC - E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - E:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - E:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - E:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - E:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - E:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - E:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - E:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - E:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - E:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wfvie12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wsteu12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wgui12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wcore12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wauff12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\wreli12.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\phononrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll ()
MOD - E:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll ()
MOD - E:\WINDOWS\system32\msdmo.dll ()
MOD - E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- E:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- E:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- E:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (NeroMediaHomeService.4) -- E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- E:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- E:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (LightScribeService) -- E:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Capture Device Service) -- E:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- E:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- E:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (FirebirdServerMAGIXInstance) -- E:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- E:\DOKUME~1\Thomas\LOKALE~1\Temp\catchme.sys File not found
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- E:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- E:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- E:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (atksgt) -- E:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- E:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hwdatacard) -- E:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (IntcAzAudAddService) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (seehcri) -- E:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (GTUQBUS) -- E:\WINDOWS\system32\drivers\gtuqbus.sys (Option N.V.)
DRV - (GTPTSER) -- E:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (AmdLLD) -- E:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (s117obex) -- E:\WINDOWS\system32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- E:\WINDOWS\system32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) -- E:\WINDOWS\system32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) -- E:\WINDOWS\system32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) -- E:\WINDOWS\system32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- E:\WINDOWS\system32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) -- E:\WINDOWS\system32\drivers\s117bus.sys (MCCI Corporation)
DRV - (elUsbU142CardBus) -- E:\WINDOWS\system32\drivers\elu142.sys (Elan Digital Systems Ltd)
DRV - (elDiag) -- E:\WINDOWS\system32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (LMouKE) -- E:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- E:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- E:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - E:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes,DefaultScope = {E9231B5E-4062-4031-8C99-2380218CD709}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{92D6BBF6-B2ED-49B5-BAAC-4CE0E1767B4C}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{E3A83A13-EAD7-427B-AA1A-83CB68922077}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\SearchScopes\{E9231B5E-4062-4031-8C99-2380218CD709}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-1214440339-616249376-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: E:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: E:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.17 18:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: E:\Programme\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.04.24 20:18:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: E:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
 
O1 HOSTS File: ([2012.09.06 18:52:33 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - E:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - E:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] E:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] E:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] E:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] E:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] E:\Programme\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] E:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [WinSys2] E:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [1und1Dispatcher] E:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [Sony PC Companion] E:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-1214440339-616249376-682003330-1003..\Run: [Steam] E:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = E:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-616249376-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://photoservice.fujicolor.eu/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229060297769 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229060171565 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9839C3-B925-4D4E-A1E7-A7E6419FE2DF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - E:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.11 20:05:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.13 18:13:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2012.09.12 16:16:10 | 000,000,000 | ---D | C] -- E:\Programme\ESET
[2012.09.06 19:20:48 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012.09.06 18:43:54 | 000,518,144 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2012.09.06 18:43:54 | 000,406,528 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2012.09.06 18:43:54 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2012.09.06 18:43:54 | 000,060,416 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2012.09.06 18:43:46 | 000,000,000 | ---D | C] -- E:\Qoobox
[2012.09.06 18:43:34 | 000,000,000 | ---D | C] -- E:\WINDOWS\erdnt
[2012.09.06 18:36:58 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.09.04 19:28:46 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Temp
[2012.09.04 19:08:32 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.09.03 21:15:07 | 000,000,000 | ---D | C] -- E:\Programme\Gemeinsame Dateien\Java
[2012.09.03 21:15:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\javaws.exe
[2012.09.03 21:14:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\javaw.exe
[2012.09.03 21:14:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\java.exe
[2012.09.03 21:14:54 | 000,093,672 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.09.03 21:11:13 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.03 21:11:13 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.09.03 19:18:09 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Malwarebytes
[2012.09.03 19:18:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.21 10:13:43 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.13 18:13:13 | 000,600,064 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2012.09.13 18:09:34 | 000,013,736 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012.09.13 18:09:05 | 000,001,669 | ---- | M] () -- E:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 6510 series.lnk
[2012.09.13 18:08:48 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012.09.12 17:01:01 | 000,000,342 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012.09.09 20:15:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At3.job
[2012.09.08 10:10:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At1.job
[2012.09.06 20:40:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At2.job
[2012.09.06 18:52:33 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2012.09.04 19:01:12 | 000,001,714 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.09.03 21:14:43 | 000,821,736 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\npdeployJava1.dll
[2012.09.03 21:14:43 | 000,246,760 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javaws.exe
[2012.09.03 21:14:43 | 000,174,056 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javaw.exe
[2012.09.03 21:14:43 | 000,174,056 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\java.exe
[2012.09.03 21:14:43 | 000,143,872 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javacpl.cpl
[2012.09.03 21:14:43 | 000,093,672 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.09.03 21:11:13 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.03 21:11:13 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.18 19:53:15 | 000,248,696 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.17 11:11:18 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2012.08.16 17:11:07 | 000,001,703 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.08.15 14:00:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\tasks\At4.job
[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.06 18:43:54 | 000,256,000 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2012.09.06 18:43:54 | 000,208,896 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2012.09.06 18:43:54 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2012.09.06 18:43:54 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2012.09.06 18:43:54 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2012.09.04 19:01:12 | 000,001,804 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.09.04 19:01:12 | 000,001,714 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.04.24 20:13:37 | 000,000,057 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ament.ini
[2012.02.16 21:01:00 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2012.01.14 21:11:05 | 000,293,992 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.14 21:11:04 | 000,293,992 | ---- | C] () -- E:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.14 21:11:04 | 000,000,001 | ---- | C] () -- E:\WINDOWS\System32\nvdrssel.bin
[2012.01.14 21:10:30 | 002,784,050 | ---- | C] () -- E:\WINDOWS\System32\nvdata.data
[2011.12.19 20:41:19 | 000,819,200 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2011.12.19 20:41:19 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2010.10.17 18:12:52 | 000,566,964 | ---- | C] () -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\mdbu.bin
[2008.09.28 18:43:40 | 000,024,576 | ---- | C] () -- E:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.08.24 20:37:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF61031355AC6E2AEFE07B07D287
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2012.05.26 19:10:20 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009.11.15 12:25:39 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.12.21 22:09:01 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clone.AD
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010.07.18 19:40:35 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2009.01.16 21:11:52 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2009.08.09 21:36:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2008.08.06 21:21:16 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.01.19 20:56:49 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2009.01.16 21:12:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.03.09 09:38:48 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2009.01.16 21:15:01 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.01.11 23:46:57 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2009.10.18 10:45:42 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.10.18 10:45:51 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2008.07.19 18:56:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2011.02.08 19:56:40 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ancient Quest of Saqqarah__intenium
[2009.03.29 11:17:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service
[2009.06.25 15:53:55 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service GmbH
[2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\GetRightToGo
[2012.04.20 01:22:28 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Image Zone Express
[2008.08.31 14:59:39 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InterTrust
[2008.07.11 20:38:38 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Leadertech
[2008.09.28 18:34:18 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\MAGIX
[2009.01.16 21:22:26 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ulead Systems
[2008.07.19 19:00:10 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Vodafone
[2012.09.08 10:10:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At1.job
[2012.09.06 20:40:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At2.job
[2012.09.09 20:15:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At3.job
[2012.08.15 14:00:00 | 000,000,456 | ---- | M] () -- E:\WINDOWS\Tasks\At4.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 13.09.2012 18:16:14 - Run 2
OTL by OldTimer - Version 3.2.61.3     Folder = E:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,93% Memory free
3,85 Gb Paging File | 3,18 Gb Available in Paging File | 82,72% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 73,24 Gb Total Space | 25,26 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Drive E: | 392,51 Gb Total Space | 253,51 Gb Free Space | 64,59% Space Free | Partition Type: NTFS
 
Computer Name: EINSTEIN-8400 | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Programme\UBISOFT\Prince of Persia\Prince of Persia.exe" = E:\Programme\UBISOFT\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft)
"E:\Programme\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe" = E:\Programme\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft)
"E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe" = E:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4 -- (Nero AG)
"E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"E:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = E:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"E:\Programme\HP\Digital Imaging\bin\hposid01.exe" = E:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = E:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = E:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = E:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = E:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = E:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe" = E:\Programme\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Software Update\HPWUCli.exe" = E:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = E:\Programme\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe" = E:\Programme\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
"E:\Programme\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe" = E:\Programme\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"E:\Programme\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe" = E:\Programme\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator (HP Photosmart 6510 series) -- (Hewlett-Packard Co.)
"E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = E:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0812B697-3B0A-4392-B975-E415FC16C71E}" = HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3AA1CB3C-F146-4340-AF8C-E97845A22629}" = C5300
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C41DF54-F78D-404E-9E71-29EF5A00F1E9}" = MotionDV STUDIO 6.0E LE for DV
"{4D41364A-E965-42E0-AD5B-9D53FBBAAC62}" = Postermaker Software - 2008 Special Edition in Oncology
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = SweetMovieLife 1.1E
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5FF598DB-F2D0-461B-A97D-506D31BA5373}" = BCL easyPDF COM
"{61eb02e1-76e4-4522-a145-62ef1b10eb8c}" = Nero MediaHome 4 Trial
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73401390-0363-4FBE-853F-51F6F2D657B8}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Schiffe Versenken - Karibik Edition
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{83C4CC25-EEFA-4E9F-A428-E1764266442E}" = PS_AIO_04_C5300_Software_Min
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94C5F3DC-7891-42BA-8F14-1D689DD972B7}" = Kartendesigner - Einladung & Party
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{995A7F95-907E-4C25-8A2A-39CDCB7EC69C}" = Nero BackItUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB5C4115-57A5-4B30-B103-3DDF65FB5034}" = Nero BackItUp
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{acc36eed-6027-4e0a-8c06-7b0b3cbaf204}" = Nero 9
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AD1CB74F-C528-440B-90F8-2AD35C9B09F1}" = Nero MediaHome 4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C05DB3EA-72D9-4EF0-9D19-B0864AF582A5}" = WISO Haushaltsbuch 2009
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (deu)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E1A1B9-35A5-46F7-A4B1-9467828AAE6E}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F219234A-8D39-4D99-A77D-AE97A6FBD198}" = Nero MediaHome 4 Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{fd7e1360-a30e-42cb-bcf0-8c0a3af5a70b}" = Nero BackItUp 4
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"avi.NET 3.5.1.0" = avi.NET 3.5.1.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"elDiag" = U142 Diagostics Port Driver
"elUsbU142CardBus" = U142 Adapter Driver
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server (D)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Interaktiver Atlas der Blickdiagnostik" = Interaktiver Atlas der Blickdiagnostik
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX MP3 Maker Centurion D" = MAGIX MP3 Maker Centurion (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Perry Rhodan_is1" = Perry Rhodan
"Saqqarah" = Saqqarah
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 57900" = Duke Nukem Forever
"Super Nautica Special" = Super Nautica Special
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Universal Media Player" = Universal Media Player
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X3-Reunion2.0.02DE_is1" = X3: Reunion v2.0.02
"X3TerranConflict_is1" = X3 Terran Conflict v1.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.07.2012 14:21:12 | Computer Name = EINSTEIN-8400 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 21.08.2012 04:18:57 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005.
 
Error - 21.08.2012 04:33:51 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 04:34:57 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 04:36:42 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 05:21:39 | Computer Name = EINSTEIN-8400 | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 21.08.2012 14:03:21 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 21.08.2012 14:22:45 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 21.08.2012 14:42:00 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
Error - 24.08.2012 13:49:52 | Computer Name = EINSTEIN-8400 | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden.  Fehlercode: 0x3e5
 
[ System Events ]
Error - 09.09.2012 14:08:37 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 09.09.2012 23:36:58 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 11.09.2012 09:19:42 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 12.09.2012 04:18:27 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 12.09.2012 09:55:28 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 12.09.2012 11:45:31 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 13.09.2012 12:09:01 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 13.09.2012 12:09:57 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc.
 
Error - 13.09.2012 12:09:58 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 13.09.2012 12:09:58 | Computer Name = EINSTEIN-8400 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

16.09.2012, 16:34   #11
Larusso
/// Selecta Jahrusso



Sorry for the delay. I was away from home and had no chance to get online with the laptop.

Quick question. Do the automatic Windows updates work?



Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:
    e:\programme\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe
  • and click Open.
  • Click Send File.
Please wait until the file has been uploaded completely. If you get the following message,
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until Current status: Finished is shown.

Copy the link from your address bar and post it here.




Please download Farbar's Service Scanner
  • Please select the following settings:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

18.09.2012, 18:21   #12
GuM



Hello,

Windows Updates are set to automatic, so I
assume that the updates are working.

VirusTotal link:

HTML-Code:
https://www.virustotal.com/file/dbcda238b7262eb9c346ed6ffb4b5ad30e40799632d604bd879acc6d11ecfca2/analysis/1347987337/

Farbar Log:

HTML-Code:
Farbar Service Scanner Version: 06-08-2012
Ran by Thomas (administrator) on 18-09-2012 at 19:15:49
Running from "E:\Dokumente und Einstellungen\Thomas\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy: 
============================


File Check:
========
E:\WINDOWS\system32\dhcpcsvc.dll
[2007-10-29 14:00] - [2008-04-14 04:22] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

E:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
E:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
E:\WINDOWS\system32\dnsrslvr.dll
[2007-10-29 14:00] - [2009-04-20 19:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07

E:\WINDOWS\system32\ipnathlp.dll
[2007-10-29 14:00] - [2008-04-14 04:22] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

E:\WINDOWS\system32\netman.dll
[2007-10-29 14:00] - [2008-04-14 04:22] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

E:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-11 20:01] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

E:\WINDOWS\system32\srsvc.dll
[2008-07-11 20:03] - [2008-04-14 04:22] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

E:\WINDOWS\system32\Drivers\sr.sys
[2008-07-11 20:03] - [2008-04-14 04:02] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

E:\WINDOWS\system32\wscsvc.dll
[2007-10-29 14:00] - [2008-04-14 04:22] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

E:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-11 20:01] - [2008-04-14 04:22] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

E:\WINDOWS\system32\wuauserv.dll
[2008-07-11 20:03] - [2008-04-14 04:22] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

E:\WINDOWS\system32\qmgr.dll
[2008-07-11 20:03] - [2008-04-14 04:22] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

E:\WINDOWS\system32\es.dll
[2007-10-29 14:00] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

E:\WINDOWS\system32\cryptsvc.dll
[2007-10-29 14:00] - [2008-04-14 04:22] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

E:\WINDOWS\system32\svchost.exe
[2007-10-29 14:00] - [2008-04-14 04:23] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

E:\WINDOWS\system32\rpcss.dll
[2007-10-29 14:00] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

E:\WINDOWS\system32\services.exe
[2007-10-29 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Regards, GuM

18.09.2012, 23:57   #13
Larusso
/// Selecta Jahrusso



Press the Windows + R keys, type cmd into the line and press Enter.
Now please enter the following and press Enter again.

sc start wuauserv


Tell me whether an error message appears.
__________________
Regards, Daniel


20.09.2012, 18:24   #14
GuM



Hello,

well, no error message appeared; I quickly
typed out the output:

SERVICE_NAME: wuauserv
TYPE: 20 WIN32_SHARE_PROCESS
STATE: 3 STOP_PENDING
<STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN>
WIN32_EXIT_CODE: 126 <0x7e>
SERVICE_EXIT_CODE: 0 <0x0>
CHECKPOINT: 0x0
WAIT_HINT: 0x0
PID: 1060
FLAGS:


Regards, GuM
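
Added example (not part of the original posts and not Farbar's or Microsoft's code): a Python sketch that cross-checks the two outputs posted above. It decodes the Win32 exit code from the `sc` status and compares the ServiceDll path FSS reports for a service with the path of the same file in the FSS File Check section; the function names and the small error table are assumptions of the example, and the sample text is excerpted from the logs in this thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the FSS log and the typed-out `sc` output in this thread.
FSS_EXCERPT = r'''
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
E:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
E:\WINDOWS\system32\wuauserv.dll
[2008-07-11 20:03] - [2008-04-14 04:22] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

E:\WINDOWS\system32\qmgr.dll
[2008-07-11 20:03] - [2008-04-14 04:22] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1
'''

SC_OUTPUT = '''
SERVICE_NAME: wuauserv
TYPE: 20 WIN32_SHARE_PROCESS
STATE: 3 STOP_PENDING
<STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN>
WIN32_EXIT_CODE: 126 <0x7e>
SERVICE_EXIT_CODE: 0 <0x0>
PID: 1060
'''

# Small subset of documented Win32 error codes (table chosen for this example).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    126: "ERROR_MOD_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
}

FIELD_RE = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s*:\s*(.*)$")
SERVICEDLL_RE = re.compile(r'^The ServiceDll of ([\w.-]+): "([^"]+)"', re.M)
# A File Check entry starts with a drive letter; "=> MD5 is legit" may follow.
FILE_RE = re.compile(r"^([A-Za-z]:\\[^\r\n=>]+?)(?:[ \t]*=>.*)?$", re.M)


def parse_sc_status(text):
    """Extract service name, state name and Win32 exit code from `sc` output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    state = fields.get("STATE", "").split()
    code = re.match(r"\d+", fields.get("WIN32_EXIT_CODE", ""))
    return {
        "service": fields.get("SERVICE_NAME"),
        "state": state[1] if len(state) > 1 else None,
        "win32_exit_code": int(code.group()) if code else None,
    }


def find_servicedll_mismatches(fss_text):
    """Return (service, configured path, checked path) where the two differ."""
    fss_text = fss_text.replace("\r\n", "\n")
    _, _, file_section = fss_text.partition("File Check:")
    checked_by_name = {}
    for m in FILE_RE.finditer(file_section):
        path = PureWindowsPath(m.group(1).strip())
        checked_by_name[path.name.lower()] = path
    findings = []
    for m in SERVICEDLL_RE.finditer(fss_text):
        configured = PureWindowsPath(m.group(2))
        checked = checked_by_name.get(configured.name.lower())
        # PureWindowsPath compares case-insensitively, like the file system.
        if checked is not None and checked != configured:
            findings.append((m.group(1), str(configured), str(checked)))
    return findings


def diagnose(fss_text, sc_text):
    """Combine both views: does the failing service point at another path?"""
    status = parse_sc_status(sc_text)
    code = status["win32_exit_code"]
    service = (status["service"] or "").lower()
    mismatches = [f for f in find_servicedll_mismatches(fss_text)
                  if f[0].lower() == service]
    return {
        "service": status["service"],
        "state": status["state"],
        "error": WIN32_ERRORS.get(code, f"unknown ({code})") if code else None,
        "servicedll_mismatch": mismatches,
        # Module-not-found plus a path mismatch is worth a manual look.
        "needs_review": code == 126 and bool(mismatches),
    }


if __name__ == "__main__":
    for key, value in diagnose(FSS_EXCERPT, SC_OUTPUT).items():
        print(f"{key}: {value}")
```

On these excerpts it reports ERROR_MOD_NOT_FOUND for wuauserv and flags the ServiceDll path on C: against the checked file on E:; whether that mismatch explains the failure still has to be confirmed on the machine itself.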

20.09.2012, 22:51   #15
Larusso
/// Selecta Jahrusso



Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
sc config wuauserv start= delayed-auto
del %0

  • Choose File --> Save As
  • File name: fix.bat
  • File type: choose All Files (*.*)
  • Save the file on your desktop.

    It should now look roughly like this
  • Start fix.bat.
Vista and Win7 users: right-click and choose "Run as administrator"



Restart the computer.



Please start FSS.exe.
  • Make sure the following settings are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.
__________________
Regards, Daniel


Antwort

Themen zu Live Security Platinum
32 bit, antivir, aufrufe, avira, bho, browser, downloader, error, excel, fehler, firefox, flash player, format, homepage, karte, logfile, mp3, nicht möglich, nvidia update, office 2007, pirates, plug-in, realtek, registry, rundll, scan, security, stick, super, udp, unerwarteter fehler, usb, virus, windows internet, wiso




Ähnliche Themen: Live Security Platinum


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum
    Log-Analyse und Auswertung - 28.09.2012 (8)
  3. Live Security Platinum 3.6.1
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (3)
  4. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  5. Live Security Platinum
    Log-Analyse und Auswertung - 12.09.2012 (2)
  6. Live Security Platinum (zum x-ten)
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (21)
  7. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (23)
  8. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (6)
  9. Live Security Platinum
    Log-Analyse und Auswertung - 01.08.2012 (1)
  10. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (14)
  11. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  12. Live Security Platinum
    Log-Analyse und Auswertung - 30.07.2012 (1)
  13. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (1)
  14. live security platinum
    Log-Analyse und Auswertung - 17.07.2012 (3)
  15. Log <-- live security platinum
    Log-Analyse und Auswertung - 15.07.2012 (1)
  16. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Live Security Platinum
    Alles rund um Windows - 10.07.2012 (1)

Zum Thema Live Security Platinum - Hallo zusammen, nachdem mir hier vor kurzem schonmal sehr gut geholfen wurde, benötige ich schon wieder Hilfe. Diesmal hat es meine Schwester getroffen und sie hat sich den live security - Live Security Platinum...
Archiv
Du betrachtest: Live Security Platinum auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.