GVU 2.10 Virus eingefangen
Hallo,
ich habe mir wohl den GVU 2.10-Virus eingefangen. Ich hoffe Ihr könnt helfen. Die Anleitung habe ich befolgt. Vielen Dank schon einmal!
Hier das OTL-Log: Code:
OTL logfile created on: 08.12.2012 15:40:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,25% Memory free
7,49 Gb Paging File | 5,84 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,39 Gb Total Space | 367,33 Gb Free Space | 81,38% Space Free | Partition Type: NTFS
Drive D: | 14,08 Gb Total Space | 1,73 Gb Free Space | 12,30% Space Free | Partition Type: NTFS
Drive E: | 11,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,78% Space Free | Partition Type: FAT32
Computer Name: ***** | User Name: KH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.08 14:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KH\Desktop\OTL.exe
PRC - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\KH\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.15 11:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.02.15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.11 07:55:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.27 11:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.12.10 22:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.07.21 14:33:00 | 000,008,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
========== Modules (No Company Name) ==========
MOD - [2010.11.22 13:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.11.22 13:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.11.22 13:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010.07.21 14:33:00 | 000,008,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
========== Services (SafeList) ==========
SRV:64bit: - [2010.12.10 08:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.09 22:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.08.11 07:55:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.02 05:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.06.17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.11 07:55:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.11 07:55:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.02 01:48:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.10 22:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.10 10:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.10 07:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.08 22:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.02 05:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.03 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.17 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.05.15 19:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.15 19:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.29 13:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{7B514C4F-01B2-498E-93A2-2BBBB5C07E35}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{805FDDBF-9DAC-4FAC-BA50-AD2B170992A8}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{98C9BB2D-08D0-4268-8F8A-9F6D44655DA0}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BCF1B3B6-F1EF-48B8-B389-E9255F7EAEA3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1C69F5C-8A83-49FF-A17F-3CF1335AF439}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{661e08ed-f3fb-11e0-bad3-984be19489f9}\Shell - "" = AutoRun
O33 - MountPoints2\{661e08ed-f3fb-11e0-bad3-984be19489f9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.08 15:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KH\Desktop\OTL.exe
[2012.12.08 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Roaming\Malwarebytes
[2012.12.08 14:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.08 14:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.08 14:18:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.08 14:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.08 14:17:34 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\KH\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.07 15:45:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.12.07 00:36:16 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.06 22:49:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.06 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Roaming\Avira
[2012.12.06 22:42:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.06 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\KH\Desktop\Hochzeitsbilder
[2012.12.06 11:54:57 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{8D8C9D63-E64C-48B3-8AC1-190957DF3C38}
[2012.12.05 17:17:04 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{BEEA316F-1DDE-4E7B-A82A-84D98B7FA8AE}
[2012.12.03 21:48:43 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{A5910E77-1082-4B81-8ED3-ED65E9645164}
[2012.11.29 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{0E318D20-191C-4E6B-B1DF-1A88093932B8}
[2012.11.28 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\KH\Desktop\HochzeitSpieren_Pukropski52
[2012.11.28 13:13:57 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{EAEF96A8-ED76-47BA-B1F4-BFD818BC78BB}
[2012.11.23 07:53:15 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{9371A47D-763B-484A-A2EF-74AF9C4B3A52}
[2012.11.22 11:37:23 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{F490D412-C44F-4779-8047-2BBB0581C16F}
[2012.11.21 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{C788D553-7B88-41E2-B405-062DE7CAB8BC}
[2012.11.20 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{43EDF8C7-DC43-4504-AF16-AEB44684A548}
[2012.11.16 11:18:51 | 000,000,000 | ---D | C] -- C:\Users\KH\Desktop\Examenshighlights Oktober 2012
[2012.11.16 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{25168CF6-681B-40FF-9B8B-E429EBB5D9B9}
[2012.11.16 08:46:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.15 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\KH\Desktop\Kaiser Zivilrecht Übercihst Stand 0912
[2012.11.15 21:12:32 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{B9BF2C15-2C00-42D6-BECA-7D2D2713E832}
[2012.11.13 14:41:00 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{A34D341B-BF8C-4CC2-BB5E-459B913CB27C}
[2012.11.12 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{B025E167-454D-469B-B482-27609FC3A708}
[2012.11.12 08:44:31 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{3C1284E7-2A8B-48F5-86E4-AFE1E5E3BE33}
[2012.11.11 06:09:58 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{055FB9C2-A180-40FE-812A-5E05FFAEEC03}
[2012.11.09 08:57:14 | 000,000,000 | ---D | C] -- C:\Users\KH\AppData\Local\{8474BDBF-0C11-42CA-944F-15C147A1102A}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.08 15:40:10 | 000,000,000 | ---- | M] () -- C:\Users\KH\defogger_reenable
[2012.12.08 15:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.08 15:38:04 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.08 14:18:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.08 14:13:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.08 14:13:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.08 14:12:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KH\Desktop\OTL.exe
[2012.12.08 14:12:40 | 000,050,477 | ---- | M] () -- C:\Users\KH\Desktop\Defogger.exe
[2012.12.08 14:12:17 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\KH\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.08 14:09:49 | 001,529,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.08 14:09:49 | 000,669,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.08 14:09:49 | 000,621,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.08 14:09:49 | 000,135,170 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.08 14:09:49 | 000,111,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.07 16:50:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.07 15:48:35 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012.12.06 22:51:11 | 000,001,039 | ---- | M] () -- C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.06 22:42:16 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKH.job
[2012.12.06 22:42:00 | 475,094,325 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.19 08:53:25 | 000,295,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.08 15:40:10 | 000,000,000 | ---- | C] () -- C:\Users\KH\defogger_reenable
[2012.12.08 15:39:55 | 000,050,477 | ---- | C] () -- C:\Users\KH\Desktop\Defogger.exe
[2012.12.08 14:18:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.07 15:48:35 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012.12.06 22:42:00 | 475,094,325 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.05 23:01:33 | 000,001,039 | ---- | C] () -- C:\Users\KH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.05 23:01:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.28 13:24:52 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKH.job
[2012.11.16 11:18:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 08:39:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011.05.31 12:07:12 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.02 01:51:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.02 01:39:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.09 11:20:12 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011.01.09 11:13:36 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.12.19 14:37:53 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\1&1 Mail & Media GmbH
[2012.12.08 15:39:09 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\Dropbox
[2011.11.07 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\OpenOffice.org
[2011.05.31 10:05:14 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\PictureMover
[2012.10.12 12:36:05 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\SoftGrid Client
[2011.05.31 10:04:04 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\Synaptics
[2011.06.18 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\Temp
[2011.05.31 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\TP
[2011.05.31 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\Windows Live Writer
[2011.06.02 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\KH\AppData\Roaming\_MDLogs
========== Purity Check ==========
< End of report >
Hier der Extra.txt-Inhalt: Code:
OTL Extras logfile created on: 08.12.2012 15:40:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KH\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,25% Memory free
7,49 Gb Paging File | 5,84 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,39 Gb Total Space | 367,33 Gb Free Space | 81,38% Space Free | Partition Type: NTFS
Drive D: | 14,08 Gb Total Space | 1,73 Gb Free Space | 12,30% Space Free | Partition Type: NTFS
Drive E: | 11,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,78% Space Free | Partition Type: FAT32
Computer Name: KHOFF | User Name: KH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D4BBDE-CF4A-49B0-ACC3-01787B6DC500}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0C737308-F823-470A-8AA8-6CC4CEB60314}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F386B60-7180-47A5-A96D-96A3718579F3}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2B85D95F-2878-4E29-8A67-C173DFD91906}" = rport=138 | protocol=17 | dir=out | app=system |
"{306FF0BA-EBFB-4027-AB91-7C5514A249C2}" = rport=445 | protocol=6 | dir=out | app=system |
"{39C2E4B3-D02F-4A56-B274-A0028F3E05ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{403BAB0C-6956-4324-BA14-89AFF682DF58}" = lport=445 | protocol=6 | dir=in | app=system |
"{54EF2A6E-11A1-4A3A-8273-98A7AA8CBD28}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B0FB50E-8150-4972-AFBD-D1DE65FCD772}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6F62E99E-810E-4DE8-BB48-A013665E211A}" = lport=138 | protocol=17 | dir=in | app=system |
"{708CD4EC-5609-436A-BD1C-F25A82853266}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D6C024-1E8D-40EC-82CD-B68723F1B0A6}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7561D4D8-6502-47B0-B5D1-D20D122B2198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A7E5D49-FF2F-4AD3-BA0D-FA62E63B6A19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9847D281-8CED-43A2-A350-020648CB2288}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AB8984E0-A52F-4FA9-BDA1-C3E26A0BB77C}" = lport=139 | protocol=6 | dir=in | app=system |
"{C0E18BB5-6194-4308-BC56-DF938910A192}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2E1CC66-EEE6-487C-8622-66DA730AFAC5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4C18248-6742-4D7D-A117-EF8EC312FAE6}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{C846A921-2839-4CEC-97DD-C985C12EC527}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D05A9D50-53FC-4F28-B9AB-0F2F39E57796}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{D05DD3A9-EDDD-4B24-8EF4-6D761ED14D29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D13D21F3-2355-4198-8B01-8E57BDC64F13}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2B78F53-F65A-48F0-B5FA-BEC0E218E92B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EC46B7A1-7F28-4518-91AB-2235779B21D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0032B08-2A79-488C-96CE-BC96D57CD953}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC53D368-2DD8-4EC0-80B7-C8EB7EC747AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01607A7D-3998-4D52-A1F0-0F790B516451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0364185F-89ED-4285-B8AF-E9717B2556DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{04F66706-254B-4FF8-B550-80D3A901792F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{059C9190-5695-411C-9DF1-CF4384774589}" = protocol=6 | dir=in | app=c:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe |
"{0756E986-7760-45CF-B20B-44E9BA64A381}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{09CC9DC4-EBF3-4929-91C9-547D6658C8E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0D65B64C-A3F3-4804-93FA-F7856442E827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{106101A5-7340-4212-ADF9-181DDA929F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{127031BA-289C-4A1B-AD22-418BA1CA101C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1420E89F-E945-4C6C-B8B5-C39B8396878F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{161998B3-0E4F-4EFF-950E-0DF4259F09AA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{278ECAA8-1672-453E-93FE-D822EAE618F9}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{321BFC29-BB54-4A36-B3A7-93AF2432138D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{389F25DB-2F56-4DCB-85B6-973B8EFDBE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{426C4F25-9FAA-46AB-B34F-02FA1FE543BF}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{4F68F5EF-0C55-4966-A412-7F8157D72DEB}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{5415216A-5730-4AF5-A056-8123956B0688}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57A953A3-C767-46B6-8D42-4566366A5497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BEB9244-80C1-427D-B183-58D86F56A60F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FEB3E4D-37E8-4C8D-BD67-CEB542881735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{712999FD-224C-45C7-8FBF-3C66F73306C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{75BDE5F4-07C4-4572-BC3B-D504F0E38BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{75DC2436-DB4B-413F-9B72-36308DCA541F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7936FF06-D12F-4655-B3BF-7C6F7E2AB8CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EDF880E-ECD7-4199-B575-94D083D1C41E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{83E6D575-5F60-4A1E-BDC4-F8325350B698}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2C3DA5C-05AA-42B2-8AB6-90A6DAE22014}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5B567A5-8332-44C3-B990-31B473F313A6}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{A87A95B6-E2C5-46F4-AE4B-3F79450C957B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{AB9C3F57-ABFB-4F05-BADB-6FE25A8510E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B541DC21-3691-4949-9489-803366A8EB8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BBB74414-0222-4D80-AACE-41B47F655A40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF2193F9-0A0F-43EF-AD69-64198DC03320}" = protocol=6 | dir=out | app=system |
"{C404151A-582C-440F-8163-66393544D20B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D25D2656-FEE1-49DE-AA40-8571553F0BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{E3BFB9B7-1B11-48BD-84C6-A811E6698C3A}" = protocol=17 | dir=in | app=c:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED38EC02-EDB4-403A-AFD8-63265994F692}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F69E5D60-B2EA-4788-B287-97D2A283DBD7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7C8C68D-7905-4E0A-A6AD-0B05A8287997}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4BA6A67D-D476-4EBB-A103-DC5CBE1CDD7D}C:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BEDDDD01-82D6-4054-BA4D-60809799744E}C:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kh\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PrintProjects" = PrintProjects
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.09.2012 06:40:27 | Computer Name = *****| Source = System Restore | ID = 8193
Description =
Error - 16.09.2012 12:31:34 | Computer Name = *****| Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 16.09.2012 12:31:34 | Computer Name = *****| Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 16.09.2012 12:34:39 | Computer Name = *****| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1624 Startzeit: 01cd9428f372dacb Endzeit: 60 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 25.09.2012 02:48:37 | Computer Name = ****| Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 01.10.2012 15:14:38 | Computer Name = *****| Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 11.10.2012 10:00:29 | Computer Name = *****| Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\KH\Pictures\Eigene
Bilder\Madrid\Junio 2006\el último dia\el último dia 012.jpg. [ACCESS_VIOLATION
Exception!! EIP = 0x21d6da2] Bitte Avira informieren und die obige Datei übersenden!
Error - 11.10.2012 10:33:03 | Computer Name = ****| Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\KH\Pictures\Eigene
Bilder\Madrid\Junio 2006\Genf 13.06. - 17.06\Genf - 13.-17.6.06 - 048.jpg. [ACCESS_VIOLATION
Exception!! EIP = 0x21d6da2] Bitte Avira informieren und die obige Datei übersenden!
Error - 11.10.2012 12:31:00 | Computer Name = *****| Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\KH\Pictures\Eigene
Bilder\Madrid\Mayo 2006\Cumple Kathi\Cumple Kathi 023.jpg. [ACCESS_VIOLATION Exception!!
EIP = 0x21d6da2] Bitte Avira informieren und die obige Datei übersenden!
Error - 24.10.2012 10:14:17 | Computer Name = ****| Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
[ Hewlett-Packard Events ]
Error - 12.09.2012 10:24:37 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
Error - 14.09.2012 02:34:40 | Computer Name = ***| Source = HPSF.exe | ID = 4000
Description =
Error - 14.09.2012 02:34:42 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
Error - 25.09.2012 03:18:10 | Computer Name = ****| Source = HPSF.exe | ID = 4000
Description =
Error - 23.10.2012 08:10:44 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
Error - 23.10.2012 13:02:03 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
Error - 23.10.2012 15:05:34 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
Error - 24.10.2012 10:14:17 | Computer Name = ****| Source = HPSF.exe | ID = 4000
Description =
Error - 25.10.2012 02:49:58 | Computer Name = ****| Source = HPSF.exe | ID = 4000
Description =
Error - 01.11.2012 09:21:21 | Computer Name = *****| Source = HPSF.exe | ID = 4000
Description =
[ HP Software Framework Events ]
Error - 18.04.2012 12:10:19 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.04.18 18:10:19.172|00000F24|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 23.05.2012 02:43:52 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.05.23 08:43:52.464|00001DB4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 23.05.2012 02:50:10 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.05.23 08:50:10.806|00001428|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 23.05.2012 02:50:32 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.05.23 08:50:32.071|00001CC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 31.05.2012 02:17:48 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.05.31 08:17:48.094|0000064C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 31.05.2012 02:19:13 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.05.31 08:19:13.334|00000994|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 31.05.2012 02:19:18 | Computer Name = ****| Source = CaslWmi | ID = 5
Description = 2012.05.31 08:19:18.318|00001FE4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 06.06.2012 16:35:10 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.06.06 22:35:10.493|000023E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 06.06.2012 16:37:13 | Computer Name = *****| Source = CaslWmi | ID = 5
Description = 2012.06.06 22:37:13.044|00001CA0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 06.06.2012 16:37:19 | Computer Name = ****| Source = CaslWmi | ID = 5
Description = 2012.06.06 22:37:19.252|000014B8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ HP Wireless Assistant Events ]
Error - 31.05.2011 05:27:33 | Computer Name = ****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 31.05.2011 05:28:39 | Computer Name = ****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 31.05.2011 05:29:44 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 31.05.2011 05:30:49 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 31.05.2011 05:31:55 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 31.05.2011 05:33:00 | Computer Name = ****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 29.06.2011 11:28:29 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 08.08.2011 03:59:14 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 02.05.2012 02:29:56 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 11.10.2012 10:41:10 | Computer Name = *****| Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
[ System Events ]
Error - 12.12.2011 08:48:44 | Computer Name = *****| Source = bowser | ID = 8003
Description =
Error - 20.01.2012 13:47:31 | Computer Name = ***** | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Virtualization Client" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 30.01.2012 08:16:22 | Computer Name = **** | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.50
mit dem Computer mit der Netzwerkhardwareadresse B4-74-9F-47-DB-D8 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 17.02.2012 06:35:22 | Computer Name = ***** | Source = DCOM | ID = 10010
Description =
Error - 19.03.2012 07:05:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error - 19.03.2012 07:06:42 | Computer Name = KHoff | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
HP Support Assistant Service erreicht.
Error - 19.03.2012 07:06:42 | Computer Name = * | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 03.04.2012 15:24:23 | Computer Name = KHoff | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HPWMISVC erreicht.
Error - 04.04.2012 06:40:24 | Computer Name = ****| Source = Service Control Manager | ID = 7030
Description = Der Dienst "HPWMISVC" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
Und noch das Mbam-Log: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.09.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KH :: KHOFF [Administrator]
Schutz: Aktiviert
08.12.2012 14:19:18
mbam-log-2012-12-08 (15-33-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 432897
Laufzeit: 1 Stunde(n), 12 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\KH\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\KH\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
(Ende)
Ist ein 64Bit System, deswegen habe ich kein Gmer benutzt.
Vielen Dank nochmal im Voraus!
Gruß
KCH |
