Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: System Progressive Protection - Entfernung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 22.10.2012, 16:51   #1
Sofima
 
System Progressive Protection - Entfernung - Standard

System Progressive Protection - Entfernung



Hallo Forum,

heute morgen habe ich mich leider auch infiziert - Windows Vista 64 Bit.

Aus den Informationen hier im Forum habe ich das Programm mit "rkill" gestoppt und mit "Malwarebytes" nach einem vollständigen Suchlauf die Funde gelöscht. Danach wie in einem Beitrag mit OTL einen Scan laufen lassen.

Kann mir nun bitte jemand weiterhelfen anhand der Log's?
Kann ich im Moment Internet und das Mailprogramm ohne Sorge nutzen, oder sollte ich lieber nix am/mit dem Rechner arbeiten?

Herrjeh...alles passiert doch einmal im Leben - bisher kam ich ohne "Schäden" durch meine Computerwelt!

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Fips :: FIPS-PC [Administrator]

Schutz: Aktiviert

22.10.2012 09:54:41
mbam-log-2012-10-22 (09-54-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 870797
Laufzeit: 3 Stunde(n), 47 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5EE324A6B0F226EA00005EE2C5C82B2A (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A\5EE324A6B0F226EA00005EE2C5C82B2A.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Fips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Fips\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A\5EE324A6B0F226EA00005EE2C5C82B2A.exe (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
OTL Extras logfile created on: 22.10.2012 17:23:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fips\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,78% Memory free
8,22 Gb Paging File | 5,90 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,80 Gb Total Space | 54,66 Gb Free Space | 47,20% Space Free | Partition Type: NTFS
Drive D: | 349,96 Gb Total Space | 308,38 Gb Free Space | 88,12% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 623,07 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
 
Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 73 C0 2C CF CA D3 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0602D8DB-D24E-4424-A25E-861BDBE929F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0ACD5D57-4FBD-469A-AC6F-C8D20E5737C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13219579-7FC1-48F9-BA59-559CAD62D328}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27592B53-B850-417B-8100-850538DD7E1D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{284E42D1-4E4C-4058-95F4-A34C7A008392}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2A1A4D76-B48B-41A8-A53B-D3900C57BDEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4B0DC77B-4A29-4882-B0AD-6AD29AE5DF71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5783E445-2731-4678-94BC-D79AE5B572FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5F58B54B-C8E3-4D5F-A0CE-EF39659A75CF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65CFEDD0-D707-445B-B325-42412C4E4AF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6785ACB5-149F-454F-8B83-7F8E6E774B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8890C7FA-B3AB-4C46-9790-BBA64BBC443B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{889A470A-00A2-4B59-B8EF-90ADDF734D37}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A13D6855-F584-408A-AD4C-4119C50BCDED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A308BB75-9428-48A8-BC3D-527FF0BC56D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A51D7642-C583-4174-8090-240ADC2E71F9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B9F703E7-C31E-4576-A0E8-5FB839D4BE08}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CBFCD9A6-FDAF-434D-982E-67D0D47EB881}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CC87156B-A8A2-4315-BBC1-3408F1CD00EC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{E9C84D45-026E-4408-A9E6-140C85A35103}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF1B3CFC-7D3B-41D5-808A-C687633BE88D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FA9E6AF3-9D66-4822-B882-428CA96639C3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02927D87-9606-413D-9D89-3BFA5970D9FC}" = dir=in | app=e:\setup\hpznui40.exe | 
"{03FC5E8C-650D-4BCF-BE46-A8AB0586AA3B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0A7C36AD-7DC5-45D8-B62B-B68FF3A1F5AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0BD70C00-51B7-4D6F-B904-5FFEEEB89249}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0CDDB682-434E-496A-B4C7-25268A3C9172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0ED3A26F-722E-4AEE-B24A-4C7A07DA78BB}" = protocol=17 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe | 
"{11D74483-05E4-44D4-8C09-209317CC6A50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{13EE4451-1C13-4D1F-91B8-F02A340BB92D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{1B798826-0F32-434A-BFFA-277D149F5696}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{2104C697-6588-4B55-90D4-A5572D173C47}" = protocol=6 | dir=out | app=system | 
"{27C08000-D4D5-44C3-B84C-32B79DC61654}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{2CAFE7DB-BCB2-4052-BDA5-A52E8F2644AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{2D63A424-C4AA-498C-8125-C9BBDB4E1236}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3239836B-6D21-4242-A5AA-FF5CFB53795B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E1C2A9E-E24D-492B-905E-F2F4590F1843}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{48087F26-662C-4EC2-ADBD-AF7FC1CA39A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5099802C-BD8D-4D59-9737-F88EB703E2CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{61C66AF1-7871-4708-8FAA-A96F3E69A49B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{65346458-5C62-4951-AF8E-E7BE6DBAF7DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{671A5499-F39B-46EA-A587-80A6DC08259B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78D2BEA4-94DF-4FC3-A24B-D83D61F35358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E811D33-56C6-42FC-8664-DF5F55BACF73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{85A9AB2C-E436-471D-8562-8AB68D90986F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88528527-52FE-4F6A-A2CA-4C05BB2DEBAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{8AD671FC-8FF0-44D0-A54F-F104C400D1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B7E3457-7D42-4CBE-9C82-37EF54866E4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{8BE331E9-FB17-406B-87D4-D0F95306CB1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{8C06749F-C962-4663-B272-F950FF130F74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D145A5F-CDB8-45D0-8B35-C2E9AFF62950}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{91B341D4-2BA8-4FA7-AC7F-92CBD00E5FAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{979239E3-ABB1-4FD3-95C1-0285E772BF0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1B3F30D-BAD6-4BAC-AD26-AC5E6893125B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A34CD938-4497-4013-8F17-20E4CBE393C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{A4CEC94F-AF70-4216-B8E9-1C5D7DC8126C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{A8154700-583B-4945-86FC-B17D26EDC7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AE1F3CC7-4BA1-4E07-980C-22D52DAF3D9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8BE9306-DBFB-4D91-AFCC-93A9F138851B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDB53652-235A-4678-8C0B-6742D07B13DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8FC54D7-240B-4150-959C-75809D7EBD0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{DA7F94BA-7DFD-4326-AF5F-A1A36637695E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DB78B78B-2605-4D9C-A2F2-10A6DB71B42C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E2AB0F81-248D-4DFE-9FAE-ABCCE4572BBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3AB3BBA-AB84-4875-AC18-22031660B106}" = protocol=6 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe | 
"{F110F203-8E26-40F3-8802-D706BC1225D8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F1BE08B0-EFD6-47D0-95C5-68724932A6B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F4B02003-AE28-42AE-8B24-50E0F8BF5702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F54A13CE-CDCB-4D95-9D5F-6E1CC5907047}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F66B4903-AE6A-4997-965B-12DE6B49B831}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F85EC175-B392-4F21-AD63-73E43BA5B7FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD5EEBEC-F6AF-4C35-88BB-CEBEF6159401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"TCP Query User{09BDD7C6-DC91-4605-9F1B-79159EFD06A1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{16F260EF-62A5-435C-BE55-AB507726DC15}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{6A42565D-6B59-4DA4-ADB0-8F660C24F228}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{D6B2B919-E140-4F3C-9796-FEDBFA6636AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{3C2A04D8-1BDF-4B90-ACF5-A2C3DC8E8266}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{7726DB00-CEF2-4D95-B1DB-486343418B22}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{85F73F7D-1E97-46E3-ABBF-AD37AB602921}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{EC7D49BA-8202-4999-A206-782B893D7D7D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"CCleaner" = CCleaner
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{47D80D13-607F-4F1D-A99B-C66BE2C0293F}" = DHL Bestellhelfer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}" = PC Connectivity Solution
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}" = gs_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1D8B95-0A1E-4357-951E-424F87067EAF}" = MERIAN scout NAVIMANAGER
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AllemeinePassworte" = Alle meine Passworte 3.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Doro_is1" = Doro 1.55
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.4
"Free Studio_is1" = Free Studio version 5.3.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Nokia PC Suite" = Nokia PC Suite
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"ST6UNST #3" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #3
"ST6UNST #4" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #4
"ST6UNST #5" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #5
"TaskUnifier 2.3.1" = TaskUnifier 2.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2012 00:37:17 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2012 10:18:52 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.05.2012 03:07:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.05.2012 03:55:24 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.05.2012 00:44:44 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.05.2012 11:38:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2012 00:32:28 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2012 10:11:57 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2012 00:29:20 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2012 10:39:42 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 27.11.2011 04:54:35 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.11.2011 06:02:55 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.11.2011 06:03:24 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.10.2012 05:09:44 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 18.10.2012 01:34:04 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.4 für die Netzwerkkarte mit der Netzwerkadresse
 002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 18.10.2012 09:22:25 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.2 für die Netzwerkkarte mit der Netzwerkadresse
 002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 19.10.2012 10:49:05 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.2 für die Netzwerkkarte mit der Netzwerkadresse
 002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.10.2012 02:19:55 | Computer Name = Fips-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 22.10.2012 02:48:13 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 22.10.2012 02:52:34 | Computer Name = Fips-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.10.2012 03:06:10 | Computer Name = Fips-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 22.10.2012 09:35:48 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.10.2012 09:35:48 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 22.10.2012 17:23:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fips\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,78% Memory free
8,22 Gb Paging File | 5,90 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,80 Gb Total Space | 54,66 Gb Free Space | 47,20% Space Free | Partition Type: NTFS
Drive D: | 349,96 Gb Total Space | 308,38 Gb Free Space | 88,12% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 623,07 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
 
Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fips\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\AmP\AmP.exe (Mirko Böer)
PRC - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4710917e5f1bdbb49d9785f4eb0040c5\System.Data.SqlServerCe.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.trojaner-board.de/12524 [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/125241-...uft-wurde.html
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes,DefaultScope = {9DDBE413-E209-49BA-BFDD-099CC9CD11AB}
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{3FF1D4E7-5559-453C-A84D-69253E8D4DF9}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{862EBCFC-71B6-464D-9FF1-7D748F6DA130}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{8A1676D8-EC44-41EF-B676-24738A6C79F1}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{9DDBE413-E209-49BA-BFDD-099CC9CD11AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{E439B557-6000-49C1-A511-F514C3127B4D}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.02.13 00:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000..\Run: [Alle meine Passworte] C:\PROGRA~2\AMP\AMP.EXE (Mirko Böer)
O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html ()
O8:64bit: - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html ()
O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AC90B8C-4DE9-4117-8871-944ACAC840F1}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fips\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Fips\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.04 13:08:14 | 000,000,183 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.22 17:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe
[2012.10.22 09:51:33 | 000,000,000 | ---D | C] -- C:\Users\Fips\AppData\Roaming\Malwarebytes
[2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.22 09:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.22 09:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.22 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Fips\Desktop\rkill
[2012.10.22 09:42:13 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Fips\Desktop\rkill.com
[2012.10.22 08:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A
[2012.10.10 21:58:20 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 21:58:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 21:58:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 21:58:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.09 07:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.10.09 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.09 07:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.09 07:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2012.10.09 07:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.22 17:21:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe
[2012.10.22 16:59:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 16:59:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 16:36:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.22 16:31:30 | 001,494,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.22 16:31:30 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.22 16:31:30 | 000,612,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.22 16:31:30 | 000,133,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.22 16:31:30 | 000,111,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.22 16:25:58 | 000,273,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.22 16:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 09:51:18 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 09:42:14 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Fips\Desktop\rkill.com
[2012.10.21 09:25:43 | 000,052,563 | ---- | M] () -- C:\Users\Fips\Desktop\Kfm. Mitarbeiter Hänsel jobmorgen+MM 20.12.2012.pdf
[2012.10.19 08:02:10 | 000,063,824 | ---- | M] () -- C:\Users\Fips\Desktop\SB Versicherung Hornbach stepstone 17.10.2012.pdf
[2012.10.18 08:26:20 | 000,094,567 | ---- | M] () -- C:\Users\Fips\Desktop\Automobilkaufmann AH Henzel jobbörse 17.10.2012.pdf
[2012.10.11 07:38:18 | 000,119,742 | ---- | M] () -- C:\Users\Fips\Desktop\Vertriebsassistentin Openmindz GmbH jobbörse 10.10.2012.pdf
[2012.10.10 07:14:25 | 000,000,247 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenangebote - Bilfinger SE.url
[2012.10.09 08:36:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 08:36:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.06 09:29:38 | 000,000,261 | ---- | M] () -- C:\Users\Fips\Desktop\http--www.phoenixgroup.eu-DE-PHOENIXKarriere-stellen-Seiten-default.aspx.url
[2012.10.06 09:15:08 | 000,000,160 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenangebote mit Karrieremöglichkeiten - JOSEPH VÖGELE AG.url
[2012.10.05 07:52:44 | 000,000,226 | ---- | M] () -- C:\Users\Fips\Desktop\Jobs in Mannheim, Stellenangebote Mannheim, Jobsuche StepStone.url
[2012.10.03 09:29:21 | 000,000,237 | ---- | M] () -- C:\Users\Fips\Desktop\Jobs minol.url
[2012.10.02 07:59:14 | 000,124,708 | ---- | M] () -- C:\Users\Fips\Desktop\Mitarbeiter Vertrieb Lindorff jobbörse 01.10.2012.pdf
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 07:44:52 | 000,123,894 | ---- | M] () -- C:\Users\Fips\Desktop\Kfm. Angestellte S+P Lion AG jobbörse 27.09.2012.pdf
[2012.09.27 10:03:27 | 000,000,270 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenausschreibungen der Stadt Mannheim  Mannheim.de.url
 
========== Files Created - No Company Name ==========
 
[2012.10.22 09:51:18 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.21 09:25:43 | 000,052,563 | ---- | C] () -- C:\Users\Fips\Desktop\Kfm. Mitarbeiter Hänsel jobmorgen+MM 20.12.2012.pdf
[2012.10.19 08:02:08 | 000,063,824 | ---- | C] () -- C:\Users\Fips\Desktop\SB Versicherung Hornbach stepstone 17.10.2012.pdf
[2012.10.18 08:26:19 | 000,094,567 | ---- | C] () -- C:\Users\Fips\Desktop\Automobilkaufmann AH Henzel jobbörse 17.10.2012.pdf
[2012.10.11 07:38:17 | 000,119,742 | ---- | C] () -- C:\Users\Fips\Desktop\Vertriebsassistentin Openmindz GmbH jobbörse 10.10.2012.pdf
[2012.10.10 07:14:25 | 000,000,247 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenangebote - Bilfinger SE.url
[2012.10.06 09:29:37 | 000,000,261 | ---- | C] () -- C:\Users\Fips\Desktop\http--www.phoenixgroup.eu-DE-PHOENIXKarriere-stellen-Seiten-default.aspx.url
[2012.10.06 09:15:08 | 000,000,160 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenangebote mit Karrieremöglichkeiten - JOSEPH VÖGELE AG.url
[2012.10.05 07:52:44 | 000,000,226 | ---- | C] () -- C:\Users\Fips\Desktop\Jobs in Mannheim, Stellenangebote Mannheim, Jobsuche StepStone.url
[2012.10.03 09:29:21 | 000,000,237 | ---- | C] () -- C:\Users\Fips\Desktop\Jobs minol.url
[2012.10.02 07:59:12 | 000,124,708 | ---- | C] () -- C:\Users\Fips\Desktop\Mitarbeiter Vertrieb Lindorff jobbörse 01.10.2012.pdf
[2012.09.28 07:44:51 | 000,123,894 | ---- | C] () -- C:\Users\Fips\Desktop\Kfm. Angestellte S+P Lion AG jobbörse 27.09.2012.pdf
[2012.09.27 10:03:26 | 000,000,270 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenausschreibungen der Stadt Mannheim  Mannheim.de.url
[2012.03.16 12:26:06 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.03.16 12:26:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.03.16 12:26:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.03.16 12:26:06 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.03.16 12:26:06 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.03.16 12:26:06 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.03.16 12:26:06 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.03.16 12:26:06 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.03.16 12:26:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.03.16 12:26:06 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.03.16 12:26:06 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.03.16 12:26:06 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.03.16 12:26:06 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.03.16 12:26:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.03.16 12:26:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.14 11:29:37 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.02.12 17:25:59 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011.02.12 12:09:17 | 000,238,402 | ---- | C] () -- C:\Windows\hpoins52.dat
[2010.10.30 14:23:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.05 09:55:22 | 000,000,105 | ---- | C] () -- C:\Users\Fips\AppData\Roaming\default.pls
[2010.04.05 09:52:15 | 000,006,144 | ---- | C] () -- C:\Users\Fips\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 18:56:50 | 000,001,024 | ---- | C] () -- C:\Users\Fips\.rnd
[2010.03.29 18:29:50 | 000,000,732 | ---- | C] () -- C:\Users\Fips\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1141863756-409699812-2697086131-1000\$65aced6a2d514a264b6f91bbffc979bd\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1141863756-409699812-2697086131-1000\$65aced6a2d514a264b6f91bbffc979bd\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
__________________
Danke + Grüsse - Sofima

Geändert von Sofima (22.10.2012 um 17:09 Uhr)

 

Themen zu System Progressive Protection - Entfernung
arbeiten, avg secure search, beitrag, entfernung, forum, gestoppt, infiziert, install.exe, interne, internet, laufen, leben, lieber, log, log's, mailprogramm, malwarebytes, morgen, nutzen, nvidia update, office 2007, origin, plug-in, programm, protection, rechner, recycle.bin, scan, secure search, sorge, system, trojan.fakealert.ssgen, vista, windows, windows vista




Ähnliche Themen: System Progressive Protection - Entfernung


  1. System Progressive Protection...
    Log-Analyse und Auswertung - 04.02.2013 (18)
  2. System Progressive Protection
    Log-Analyse und Auswertung - 23.01.2013 (16)
  3. System progressive protection
    Log-Analyse und Auswertung - 08.12.2012 (2)
  4. System Progressive Protection
    Log-Analyse und Auswertung - 08.12.2012 (2)
  5. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (1)
  6. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (13)
  7. System Progressive Protection
    Log-Analyse und Auswertung - 19.11.2012 (1)
  8. System Progressive Protection 3.7.17
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (15)
  9. System Progressive Protection (Malware) - Entfernung
    Log-Analyse und Auswertung - 08.11.2012 (19)
  10. System Progressive Protection
    Log-Analyse und Auswertung - 30.10.2012 (1)
  11. system progressive protection
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (28)
  12. Log nach scheinbar erfolgreicher(?)Entfernung von ,,System Progressive Protection''
    Log-Analyse und Auswertung - 14.10.2012 (21)
  13. System Progressive Protection :(
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (1)
  14. System Progressive Protection 3.7.10
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (1)
  15. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (24)
  16. System progressive protection
    Log-Analyse und Auswertung - 21.09.2012 (3)
  17. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (1)

Zum Thema System Progressive Protection - Entfernung - Hallo Forum, heute morgen habe ich mich leider auch infiziert - Windows Vista 64 Bit. Aus den Informationen hier im Forum habe ich das Programm mit "rkill" gestoppt und mit - System Progressive Protection - Entfernung...
Archiv
Du betrachtest: System Progressive Protection - Entfernung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.