|
99 TANs Abfrage, Trojaner / Exploit.Drop.3P Hallo, auch uns hat es erwischt, beim Online Banking wurden alle 99 TANS abgefragt, ich habe immer 000000 eingegeben, um weiter zu kommen... Außerdem hatte ich in den Tagen davor 2 Anfragen von der Firewall wegen angeblicher Programme (die Namen habe ich leider nicht notiert, dürften aber evtl. zufällig generiert worden sein?), die ich aber bei google nicht gefunden habe, ich habe alle Rechte verboten. Antivir/Avira hat einige Viren gefunden, aber nur in ungeöffneten Mails im Papierkorb. Hier der Bericht von malwarebytes: ++++++++++++++ Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.13.07 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 HP Berlin :: HPBERLIN-PC [Administrator] 13.06.2012 22:41:48 mbam-log-2012-06-13 (23-09-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 291853 Laufzeit: 20 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\HP Berlin\AppData\Local\Temp\i4b3384111915216926048.tmp (Exploit.Drop.3P) -> Keine Aktion durchgeführt. (Ende) ++++++++++++++++++ defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:17 on 13/06/2012 (HP Berlin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- ++++++++++++++++++++ OTL logfile created on: 13.06.2012 22:47:25 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 56,43% Memory free 11,90 Gb Paging File | 7,97 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 512,68 Gb Free Space | 74,94% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 158,10 Gb Free Space | 22,63% Space Free | Partition Type: NTFS Drive O: | 1396,92 Gb Total Space | 933,09 Gb Free Space | 66,80% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe PRC - [2012.05.05 09:58:41 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.12.17 17:59:06 | 000,360,448 | ---- | M] () -- C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe PRC - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 20:53:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.29 20:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe PRC - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe PRC - [2009.08.05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012.05.12 14:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll MOD - [2012.04.14 12:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll MOD - [2012.02.12 00:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2011.12.17 17:59:06 | 000,360,448 | ---- | M] () -- C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.08.14 08:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll MOD - [2010.08.14 08:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll MOD - [2010.08.14 08:46:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll MOD - [2010.08.14 08:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll MOD - [2010.08.14 08:46:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll MOD - [2010.08.14 08:46:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll MOD - [2010.08.14 08:46:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll MOD - [2010.01.20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll MOD - [2009.08.05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009.06.10 23:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011.09.14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.06.29 08:53:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.08 11:40:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100) SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.12.17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2006.09.14 08:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.29 08:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 08:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.01.06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.11 11:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.10.20 10:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 16:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.23 20:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B} IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 22:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions [2010.01.04 23:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Ebefuqkuub] C:\Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA7AE09C-7813-4011-8037-998009C97D5C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk O:\ O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.13 22:45:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe [2012.06.13 22:44:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C93530E5-4112-45E0-9229-CDA6C01125DD} [2012.06.13 22:44:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{21E384F2-1F97-4576-83DF-C2B7D85EAB7E} [2012.06.13 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Malwarebytes [2012.06.13 22:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 22:40:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 22:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.13 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B2A4A19C-E7D8-4EF2-ABE9-4C201E118809} [2012.06.13 19:08:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{41F77355-F864-4FA6-8812-1EFFD7126EC2} [2012.06.13 06:36:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DA17AF1B-14B8-417C-BCCD-B881CA8436A8} [2012.06.13 06:35:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED1F678F-C728-4640-B9FD-B39754FFCA78} [2012.06.12 23:29:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F994948-BD6F-4D86-9135-715B53E8D721} [2012.06.12 23:29:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4F6AA7D4-9E2F-405D-B3EC-753434113481} [2012.06.12 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{05B08539-25FE-428D-909D-5D7B86A2BAAD} [2012.06.12 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E88E47CE-38CF-4F45-86B3-C90ADFAF861B} [2012.06.10 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7F4E82B1-2049-45A4-B1B7-A83618448794} [2012.06.10 19:30:14 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8AE92015-331C-4604-BD8A-EDE4B2B0B0C3} [2012.06.10 09:55:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89C6D965-B28D-4542-8530-85E13087D1FD} [2012.06.10 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{702E4C6B-5F5E-4FEE-BE17-51BC69E6794F} [2012.06.09 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{91E4E777-C8DC-4E3B-8024-41DF27EE66E5} [2012.06.09 18:47:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{588ADE41-B615-4F70-819D-4962D6012482} [2012.06.08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D280BC7C-107F-4C21-ACEB-1039DC55E5AD} [2012.06.08 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB3B61D4-5CBC-4CFE-8EE9-4647CE3780AE} [2012.06.08 12:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{78A2691D-E025-44AE-BF6E-9B49F5149DE7} [2012.06.08 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{751D5D4B-D3F7-45E5-A61B-600E777E6BDE} [2012.06.08 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1A9FD92E-594B-4E9A-BD20-C45AD61C7F4E} [2012.06.08 08:48:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D0F561B-C136-4689-B399-2845EB1EE1B6} [2012.06.07 20:37:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{02C4F674-D42B-4B1F-A94A-99320018BD9F} [2012.06.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{99DD9D9A-D31A-4C62-8146-5F1B55EEC496} [2012.06.07 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A13B247E-7B0D-40E4-A69E-9D791663E3EE} [2012.06.07 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{BB853429-FE7E-470E-A2B4-248E014BA900} [2012.06.07 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C4C4AFB1-5CCA-4085-B6A2-B05174C15FD7} [2012.06.07 08:55:36 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8561BFDB-C767-4186-BF32-D74249563EEC} [2012.06.06 14:23:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A591E71-0880-4ADA-817D-1457972FA3B6} [2012.06.06 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1D66E8A-EBB6-4F05-AE9D-9A24F1149EBA} [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Undoab [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Ewse [2012.06.05 20:35:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Roaming\Biyva [2012.06.05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{016C9C0C-991F-4D39-AD45-47A997C95C08} [2012.06.05 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C33FE34C-AF6F-486C-AA71-4DE3F0DB4DD3} [2012.06.04 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B6FCFFDA-4145-4769-8A15-66D14AB119C8} [2012.06.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{44B1CA05-B2C6-43FE-B56E-56104DAC47A9} [2012.06.04 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{52AD2894-91E1-4190-BF45-98E40C30FAC8} [2012.06.04 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B1FF7ABB-C49F-468F-A1E1-A2E6CE78C504} [2012.06.03 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{29D41DA3-3E48-463B-90FF-CB6C38B4C7A6} [2012.06.03 09:52:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{967F496F-F5B9-417E-98D6-871F062DCCCF} [2012.06.02 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{36CD9A83-08E9-46A0-B376-B14892821461} [2012.06.02 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{70651EC8-F7E3-4D92-A738-0B090CF715C2} [2012.06.01 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7E71045-3DCC-4D5F-868A-5A48934787E0} [2012.06.01 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B68912-AB2E-44BD-9D91-0F48FA173519} [2012.06.01 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B3A08925-89DC-4B51-A740-7DD18A761801} [2012.06.01 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C07747A3-E4BC-4C7B-95E0-AF81A6C13FB6} [2012.06.01 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C2CCB5B9-70DC-4F10-9ADF-BE8DE68AFF2B} [2012.06.01 10:06:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4DEEEBA4-1C84-4BAF-B321-0BD05E6F70B4} [2012.05.31 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9DBDA530-5DF4-45BB-BB8D-0365245384A1} [2012.05.31 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3A9499E8-D511-4C1E-A9D5-47A826963D11} [2012.05.29 21:42:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{83D68B42-0980-46CC-B31C-034FFD0F0CBB} [2012.05.29 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C6B222DA-5B5A-41B9-813D-E6B369F2B75F} [2012.05.28 18:20:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6EF1CB32-E1C9-4D56-9F73-32663AFB2B7F} [2012.05.28 18:20:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{07A341F8-87EB-4F20-93A5-1EBE08D4B3D8} [2012.05.28 14:11:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{79DA05FE-0279-49C7-A867-9099207194C9} [2012.05.28 14:10:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{03AFFF09-7587-457C-883F-9602CC93DACF} [2012.05.28 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9C5297AF-3B92-4E4B-9F26-540468A6E08A} [2012.05.28 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5B0C219A-7FA1-4678-B254-3A007B309DB5} [2012.05.27 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1A7149E-C5AC-493B-B777-624E95F3D442} [2012.05.27 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A7C9C192-28A4-43AD-8657-3F9B9AD0136C} [2012.05.27 18:55:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2AC8C6E5-FEBF-43C4-B6D5-B3A3DFD3F940} [2012.05.27 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A869FAF9-A86B-4BF4-9449-CCF243D1DE35} [2012.05.26 21:05:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{30715781-965E-4D55-8151-F30F02592B5E} [2012.05.26 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7CDC169F-F11D-40D6-8238-3096F5CFB260} [2012.05.26 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{733249B1-4B4C-4E7A-BE83-599F1078C63C} [2012.05.26 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{731D53D4-65C2-40E5-8EE8-89DE9112012F} [2012.05.25 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FC37021C-9691-49AC-8D99-FFF281ED82A9} [2012.05.25 22:40:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{297FEBBD-841F-4D13-BF68-1C51729C6FFC} [2012.05.25 17:25:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3A061B7-23F6-43BD-99DA-7353236F0AF8} [2012.05.25 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED10AE4E-1F6A-4AC8-AF71-50787C8C4765} [2012.05.25 17:18:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B36A1745-1B75-41AC-9484-FE4FD5D979D5} [2012.05.25 10:05:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CCF34A4F-51BA-473C-990C-B9C70D1407EB} [2012.05.25 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E1E7C331-9645-4A66-83E2-1B976B0B9C83} [2012.05.24 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Documents\Outlook-Dateien [2012.05.24 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E9D48A18-40B6-49F5-A0D5-5BDC643009AD} [2012.05.24 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A1707611-4F50-4123-9830-F098D75EA06C} [2012.05.24 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{4D4D96CC-8F4C-4164-A930-F122634ABA3F} [2012.05.24 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{028C8DBE-8C31-475B-B954-99D4DA1E92D0} [2012.05.23 15:55:42 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{72FD4A28-3B84-4F66-8783-D3EA31F8238E} [2012.05.23 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AB95AF26-5746-4317-9987-49441EE7CE67} [2012.05.22 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Fotobuch screenshots [2012.05.22 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CE5F9612-F1CE-4E57-B581-B47C1B3E2027} [2012.05.22 08:59:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{358BF8BD-2E8C-4D65-B3F3-03DBB6825280} [2012.05.21 08:50:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D3A5E67B-9AA8-4A68-B16D-6F8DA9F9E770} [2012.05.21 08:49:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53816118-0DBA-47F4-8218-04DF976DE8BC} [2012.05.20 09:57:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A3B3184D-3ADF-457E-B060-6A353D1E1862} [2012.05.20 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64DD1566-429F-4725-9528-3BD48C394807} [2012.05.19 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E2B2F258-B9D8-4BB3-8BF6-9D5FE146D6B1} [2012.05.19 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7A4807FA-BC3E-40FE-9D56-2965F7092B8E} [2012.05.19 10:49:58 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{65829C0E-3DD2-4445-A18E-C1D69A826AC1} [2012.05.19 10:49:46 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B0CAE6FB-6CDD-41C9-B17C-4EDA9A35AFB1} [2012.05.19 10:20:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F238CA0-CC66-4561-8C86-DE833726C082} [2012.05.19 10:19:59 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B708D32B-0A79-4A72-8765-DFFA65A50DB7} [2012.05.18 22:42:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{FF7E2E0B-60BE-43B6-AF47-9AAB33449487} [2012.05.18 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{95E3847B-119F-4DD2-B3F5-F14312CDD449} [2012.05.18 21:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.05.18 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.05.18 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.05.18 21:50:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AAED0176-2F73-4F88-8DB1-7C4D560F6E72} [2012.05.18 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{64C4FA4A-0B42-4BCF-9187-457CF28BF424} [2012.05.18 16:23:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2E5AEE87-E27F-4EEF-A354-4B7DF8CD93F8} [2012.05.18 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E0AA62AC-D028-4700-A1CF-572FC383BB92} [2012.05.18 10:24:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8AF9130-D0C4-4F16-A2A5-3F210B07AF82} [2012.05.18 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{7B61B503-3EE7-480A-BC63-A07928153E83} [2012.05.17 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{53B84FC4-84D0-40F7-9753-D530474498FD} [2012.05.17 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0C21AD88-B114-4057-A23F-CEFAB6B16C8C} [2012.05.16 20:41:16 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E175EA24-EC93-4795-83BD-930CF4CF9295} [2012.05.16 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{101363F6-4850-44F5-BD7C-A540431C1B7F} [2012.05.15 19:23:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CF39A5E8-B3C5-4ADF-9C18-7329D8D5159B} [2012.05.15 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F3BDE033-C33B-4824-93C8-17A9074A0535} [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.13 22:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\OTL.exe [2012.06.13 22:45:36 | 000,050,477 | ---- | M] () -- C:\Users\HP Berlin\Desktop\Defogger.exe [2012.06.13 22:40:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.06.13 22:07:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.13 18:27:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:27:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:26:38 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 18:26:38 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 18:26:38 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 18:26:38 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 18:26:38 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 18:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 18:19:24 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys [2012.06.09 20:12:36 | 001,757,754 | ---- | M] () -- C:\Users\HP Berlin\Desktop\phishing.psd [2012.05.26 12:43:35 | 000,000,340 | ---- | M] () -- C:\Users\HP Berlin\Desktop\CD-Laufwerk - Verknüpfung.lnk [2012.05.25 17:16:14 | 001,740,203 | ---- | M] () -- C:\Users\HP Berlin\Desktop\04 Choral _ In Dir ist Freude.mp3 [2012.05.25 17:15:29 | 018,738,834 | ---- | M] () -- C:\Users\HP Berlin\Desktop\BBIS - End Of The Year Celebration - 5c.zip [2012.05.18 21:52:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.13 22:45:35 | 000,050,477 | ---- | C] () -- C:\Users\HP Berlin\Desktop\Defogger.exe [2012.06.13 22:40:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.06.09 20:12:36 | 001,757,754 | ---- | C] () -- C:\Users\HP Berlin\Desktop\phishing.psd [2012.05.26 12:43:35 | 000,000,340 | ---- | C] () -- C:\Users\HP Berlin\Desktop\CD-Laufwerk - Verknüpfung.lnk [2012.05.25 17:15:28 | 018,738,834 | ---- | C] () -- C:\Users\HP Berlin\Desktop\BBIS - End Of The Year Celebration - 5c.zip [2012.05.18 21:52:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.23 21:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2011.06.08 16:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.06.08 16:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.06.08 16:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.06.08 16:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.06.08 16:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.06.08 16:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.06.08 16:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.06.08 16:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.06.08 16:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.06.08 16:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.06.08 16:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.06.08 16:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.06.08 16:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.06.08 16:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.06.08 16:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.06.08 16:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.06.08 16:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.10.14 21:08:49 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.06.15 20:57:35 | 000,005,120 | ---- | C] () -- C:\Users\HP Berlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report > +++++++++++++++++++++++++ OTL Extras logfile created on: 13.06.2012 22:47:25 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 56,43% Memory free 11,90 Gb Paging File | 7,97 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 512,68 Gb Free Space | 74,94% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 158,10 Gb Free Space | 22,63% Space Free | Partition Type: NTFS Drive O: | 1396,92 Gb Total Space | 933,09 Gb Free Space | 66,80% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A6723F1-3AA5-4178-A134-378DFD45C9DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2F5FB749-1B56-4F53-8ADB-1AE77AC19E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{30F7E1EA-4ACC-4B21-90F4-3266647E4E0B}" = lport=139 | protocol=6 | dir=in | app=system | "{37982EEA-E668-4804-983F-16B4ECADA90A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FE195CA-DACC-45C3-A17B-B519D76A3FA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{445CAABC-9528-4371-BE02-38A95611AD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46198814-B7C6-442B-84A0-9915B1F345AF}" = lport=10243 | protocol=6 | dir=in | app=system | "{4F7C2CFA-DF80-45BF-A619-7FD42A20FF3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{57C75115-701B-4DDB-A8D3-C6C2FC0E73F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C139211-916A-4472-B674-4F9588905141}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{66C05EB8-41FA-432B-978B-F81DD97BD24C}" = lport=445 | protocol=6 | dir=in | app=system | "{73AB7051-BCB8-4F39-8850-013CBE62F07E}" = rport=139 | protocol=6 | dir=out | app=system | "{7B127F56-E23A-40B6-A3E1-0BFBE18201C4}" = lport=137 | protocol=17 | dir=in | app=system | "{7B8EB3BD-48B0-410B-BB7B-729068BF66AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B915E9C-D0BD-497E-96FC-7D73C7A094F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EAF5E7C-22AA-425E-9236-D9AE254B7768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{893E1496-5BAF-4611-B4F3-35F6958A15AF}" = rport=445 | protocol=6 | dir=out | app=system | "{A11796D3-B610-4572-B96B-B5733AD49081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A789C1F8-BDA6-4E11-AB15-94B64B29EAEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B99B63A6-6704-4806-A31A-CBD27FF86385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C46FD838-F370-4FB8-9BBD-BFE2BB3D21AE}" = rport=138 | protocol=17 | dir=out | app=system | "{D570279A-C23E-45E3-98B9-6293B8109E35}" = rport=137 | protocol=17 | dir=out | app=system | "{D83548CD-891C-4AF8-A147-227D4CEEBE80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3DCE4C2-A6BA-40DF-A559-C756A07A84E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC62FB21-724A-4002-8F9B-45D678464F21}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00426580-9ED5-4086-84F4-BCD2D955E7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{04157473-AD19-427C-A1EC-E2E2B8A5B405}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0E644D02-DA0A-4740-97A5-1DFC549EBB46}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | "{1038B6B3-8008-4289-91FA-BB024639C61F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1246896F-3FB6-4B4A-AE7E-76A6D712B4BD}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | "{49D25E51-A077-455D-BBFD-EFDDE6F92F4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4A6B2281-4B33-4A87-B3D4-C1FC43DEAEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5D9632EA-5BF4-47E5-BA2E-A24ADBA0F1EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62C37E21-43C8-45B1-9CCF-948FC7DC5C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6FD5C595-8E48-45E4-ABD5-E063803224B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73E77AE3-AB57-48D1-A9EC-557C04A8C3F3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{75E23F31-B9E5-4DB8-AFFF-79297D1D67F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7AC716B8-197A-465E-A9B9-04815AC0B2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{88EE2069-9573-4CF0-9FA2-B178C3A5849E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{89F109EA-945C-48CA-8C36-1810DD70A418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BB68255-F14C-48C0-A050-AA89F03C896A}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{9ACDEE99-9124-4EFE-B3AA-AF8F9D5BE477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9D04A4BE-A3FB-40C5-B433-60432A99EA17}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{9E39D92A-B621-4941-AE43-902B9C4FBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F5CD7B7-9201-45E5-942F-F93CAA8E8ECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FFDAA89-1AB4-46DC-B94C-8FFE4C74FB54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AD814EF6-5D1A-427D-8497-13D08AA46E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADAAE05A-71EB-4674-A1C2-72D8370ED6EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C5F1BEA8-0071-44F1-AA8A-E83DBF173EED}" = protocol=6 | dir=out | app=system | "{CA37F01F-C9E8-4534-BE0C-5819A8AB164F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CBFBAAD6-7115-40EE-94B9-9CE0054EF007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD11C58A-E577-48D9-B13F-31E458643A14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D112E899-0A10-4EDF-8B84-7032A3705F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DD37C8FA-FBA3-4D7C-BEEC-AED4EB6E5D57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEA85D8E-D5B6-489E-A41B-6642922D4302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8AC9631-8608-4EEB-A96B-B424083CC915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{84C1C32E-56CB-4A32-B885-A62A7503272E}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | "TCP Query User{A5A45BC6-9DCF-4B5B-A37A-EA078AEC33B8}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{541FCEAC-C572-4E00-962C-F65FB624CE20}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | "UDP Query User{7DC7B10E-DB97-4F83-88FD-6ECF7E8525C0}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "UDP Query User{FA483786-E7FA-404E-9D26-E6AC6A497359}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu "{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10 "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{3BBD5B14-D5E1-4863-946F-BE91A2B0C3AE}" = Spamihilator 1.0.0 (64-Bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardwarediagnosetools "PremElem100" = Adobe Premiere Elements 10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only) "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help "{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4 "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite "{ADFB7C0D-854E-4FDA-8861-9447F182AEF9}" = Dynamic Draw 5.4 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers) "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8781-9705-0578-2960" = Medienmanager 1.3.0 "8BF2152B-6835-4FF3-A2EC-5BDAB46DCDFF_is1" = Accord CD Ripper Free 6.3.2 "Adobe AIR" = Adobe AIR "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10 "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "Astrorix Gold" = Astrorix Gold "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode) "Aura Video Converter_is1" = Aura Video Converter 1.2.3 "Aura4You Software Manager_is1" = Aura4You Software Manager 1.0.1 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Carlton Books Demo" = Carlton Books Demo "CassetteMate" = CassetteMate "Cell_Biology_Interactive" = Cell Biology Interactive "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CSCLIB" = Canon Camera Support Core Library "Cuber Extreme" = Cuber Extreme "Designer 2.0_is1" = Designer 2.0 "EasyBits Magic Desktop" = Magic Desktop "EOS Utility" = Canon Utilities EOS Utility "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "FFsim" = Feuerwehr-Simulator 2010 "Free 3D Video Maker_is1" = Free 3D Video Maker version 1.0.1.426 "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Audio Converter_is1" = Free Audio Converter version 2.2.9 "Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602 "Free Video Dub_is1" = Free Video Dub version 1.8.12.602 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.25.602 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "HijackThis" = HijackThis 2.0.2 "HP Remote Solution" = HP Remote Solution "InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "IrfanView" = IrfanView (remove only) "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MultitrackStudio_is1" = MultitrackStudio Lite 6.0 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PDF reDirect" = PDF reDirect (remove only) "PhotoStitch" = Canon Utilities PhotoStitch "PixelNet Foto Client" = PixelNet Foto Client 4.8 "Rainlendar2" = Rainlendar2 (remove only) "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealPlayer 12.0" = RealPlayer "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Scratch" = Scratch "StarBall_is1" = Star Ball "TeamViewer 5" = TeamViewer 5 "TFA_Nexus" = TFA_Nexus "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.10 "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent-Spiele "WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite" = Windows Live Essentials "Winsyntax" = Winsyntax 2.0 "WMBackup-BackupfürWindowsMail" = WMBackup - Windows Mail Backup "WS_FTP Pro" = Ipswitch WS_FTP Pro "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.06.2012 14:20:31 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 09.06.2012 14:20:31 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.06.2012 07:09:06 | Computer Name = HPBerlin-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7b0 Startzeit: 01cd46de4b934026 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: b0145009-b2ec-11e1-b46b-841cc42f7090 Error - 10.06.2012 18:13:49 | Computer Name = HPBerlin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: designer.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec50df4 Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.3.3.0, Zeitstempel: 0x475599d5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000acf7 ID des fehlerhaften Prozesses: 0x283c Startzeit der fehlerhaften Anwendung: 0x01cd473c88738bd5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\fotobuch\Designer 2.0\designer.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\fotobuch\Designer 2.0\QtCore4.dll Berichtskennung: 8d509e00-b349-11e1-8fb3-aae99c273e92 Error - 12.06.2012 17:22:00 | Computer Name = HPBerlin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avgnt.exe, Version: 10.0.13.18, Zeitstempel: 0x4beab9be Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015146 ID des fehlerhaften Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0x01cd48e14b4782ba Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a5157435-b4d4-11e1-820e-ed0319ecffe2 Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 23:12:35 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 05.06.2012 02:54:52 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.06.2012 11:50:29 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10005 Description = Error - 07.06.2012 11:50:28 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 07.06.2012 11:50:29 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.06.2012 12:48:47 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 09.06.2012 14:17:36 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10016 Description = Error - 09.06.2012 14:17:36 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10016 Description = Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = DCOM | ID = 10005 Description = Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 12.06.2012 17:21:53 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > ++++++++++++++++++++++++++ Jetzt wisst ihr alles über mich... shopgirl86 |
Hi, von einem sauberen Rechner aus alles Paswörter (Ebay, Amazon etc.) ändern! Fix für OTL:
Code:
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. chris |
Hallo, danke, dass du dich des Problems angenommen hast. Hier mal die Sache mit OTL: Code: All processes killed |
Hi, bitten noch das Log von MAM posten... chris |
na klar ;-) das hat nur länger gedauert, wie du eh am log siehst. hier ists: +++++++++++ Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.14.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 HP Berlin :: HPBERLIN-PC [Administrator] 14.06.2012 18:42:51 mbam-log-2012-06-14 (18-42-51).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1243262 Laufzeit: 5 Stunde(n), 10 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ++++++++++++++ ist er jetzt weider sauber? *hoff* danke, shopgirl86 |
Hi, sieht gut aus, erstelle und poste nochmal ein neues OTL-Log... chris |
hier das neue log von otl: OTL Logfile: Code: OTL logfile created on: 15.06.2012 23:18:14 - Run 2das extras file hat er nicht neu angelegt? kann das sein? danke, shopgirl86 |
Hi, hmm, da ist noch was faul/gefällt mir nicht...(ein Verzeichnis ist wieder aufgetaucht und die vielen CLS-IDs)... In den abgesicherten Modus (F8 beim Booten drücken) und dann CF laufen lassen: Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden... chris |
hier das logfile: Code: ComboFix 12-06-15.06 - HP Berlin 16.06.2012 11:33:00.1.8 - x64und gleich noch mal otl, falls du das brauchst: OTL Logfile: Code: OTL logfile created on: 16.06.2012 12:01:00 - Run 3danke, shopgirl86 |
Hi, zur Sicherheit noch eine Überprüfung von zwei Files... Dateien Online überprüfen lassen:
Code: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.sys
chris |
Hallo, hier die ergebnisse: +++++ c:\windows\SysWOW64\bgsvcgen.exe +++++ SHA256: 24ff3254680e46b5f3822d26e9aa5020b4b9809ac7b4ff32d95b7d4ead808ad5 SHA1: 02f2cf9d63038a46243837e723224b00668aa55e MD5: acc9c8c560c567fad6f79c977ab2ea09 File size: 142.1 KB ( 145504 bytes ) File name: C:\Windows\SysWOW64\bgsvcgen.exe File type: Win32 EXE Detection ratio: 0 / 42 Analysis date: 2012-06-18 07:32:41 UTC ( 0 Minuten ago ) ++++++++++++++++++++++++ außerdem steht beim teufelchen eine 2 und beim engelchen eine 0. Die zweite Datei sehe ich zwar im Windows Explorer, aber nicht im Auswahlmenü vom Scanner (da sehe ich überhaupt nur 5 oder 6 Dateien in diesem Ordner), ich konnte sie daher nicht scannen lassen... Die Zugriffsberechtigungen kann ich dank W7 (obwohl Admin) auch nicht ändern, falls es daran liegt. Danke, shopgirl86 |
Hi, kopiere den Pfad/Datei direkt in das Auswahlfenster von Virustotal... Code: C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.sys |
das habe ich schon versucht, geht nicht. wenn sich das fenster öffnet, wo ich die datei auswählen kann, kann ichs zwar reinkopieren, wenn ich dann aber auf "öffnen" klicke, meint windows, dass es diese datei nicht gibt. ich weiß aber, dass sie da ist... |
Hi,
Code: netsvcs
chris |
here it is: OTL Logfile: Code: OTL logfile created on: 18.06.2012 11:05:05 - Run 4 |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:54 Uhr. |
Copyright ©2000-2026, Trojaner-Board