| Drummer19 | 25.01.2013 01:15 |
Verschlüsselungs-Trojaner: Trojan.Win32.Yakes.bshd, Trojan.Win32.Bublik.abyj
Leider hat sich über das ahnungslose Öffnen eines Anhangs einer Email auch ein Trojaner bei uns im System festgesetzt und Dateien wie Bilder, Dokumente und Musik "verschlüsselt". Um Hilfe wäre ich sehr dankbar.
1. Ergebnis Malwarebytes Anti-Malware Scan: Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.24.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Claudia :: NAME-4F52F3E5AD [Administrator]
Schutz: Aktiviert
24.01.2013 22:51:06
MBAM-log-2013-01-25 (00-34-04).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371506
Laufzeit: 1 Stunde(n), 40 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe (Security.Hijack) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Claudia\Eigene Dateien\Downloads\DecryptHelper-0.5.3(1).exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Claudia\Eigene Dateien\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
(Ende)
2. Ergebnis OTL Scan:
OTL.Txt
OTL Logfile: Code:
OTL logfile created on: 25.01.2013 01:02:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Claudia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,28% Memory free
3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 68,95 Gb Free Space | 46,26% Space Free | Partition Type: NTFS
Computer Name: NAME-4F52F3E5AD | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\91442e74da926f6b2c33b5754014940d\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sesvc) -- C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (IntelIde) -- System32\DRIVERS\intelide.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (Imagedrv) -- C:\WINDOWS\system32\drivers\imagedrv.sys (Ahead Software AG and its licensors)
DRV - (SiSide) -- C:\WINDOWS\system32\drivers\siside.sys (Silicon Integrated Systems Corp.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C FC 36 D1 9D 3F CA 01 [binary data]
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Eigene Dateien\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.21 18:55:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.01.10 07:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2011.01.10 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Extensions
[2011.01.10 19:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.23 20:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\1ztnrbgb.default\extensions
[2013.01.21 18:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.01 11:00:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.21 18:55:26 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2013.01.10 08:15:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 08:15:43 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.10 08:15:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.10 08:15:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.10 08:15:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.10 08:15:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D119899-91DF-438D-B420-D3AEAA02E269}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5656af75-4540-11e2-a1b7-001644c0866e}\Shell - "" = AutoRun
O33 - MountPoints2\{5656af75-4540-11e2-a1b7-001644c0866e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5656af75-4540-11e2-a1b7-001644c0866e}\Shell\AutoRun\command - "" = E:\DGuard.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\DGuard.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.25 00:58:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2013.01.25 00:58:10 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2013.01.24 22:47:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Malwarebytes
[2013.01.24 22:47:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe
[2013.01.24 19:44:56 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.24 19:29:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\JPEG Recovery Pro
[2013.01.24 19:29:36 | 000,000,000 | ---D | C] -- C:\Programme\JPEG Recovery Pro
[2013.01.24 19:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.01.24 19:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\www.shadowexplorer.com
[2013.01.24 19:18:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ShadowExplorer
[2013.01.24 19:18:11 | 000,000,000 | ---D | C] -- C:\Programme\ShadowExplorer
[2013.01.24 19:13:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Desktop\Neuer Ordner
[2013.01.24 19:12:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\JPEGsnoop
[2013.01.24 15:59:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.24 15:59:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.24 15:59:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.24 15:59:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.23 14:55:55 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.01.21 18:55:11 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.18 17:59:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2013.01.18 17:59:16 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2013.01.18 17:49:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.01.10 08:15:52 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.01.10 08:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2013.01.10 07:57:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2012.12.29 14:09:56 | 000,000,000 | ---D | C] -- C:\stick
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.25 01:01:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe
[2013.01.25 01:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.25 00:58:11 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.01.25 00:35:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.25 00:35:45 | 2010,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 00:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.24 22:47:47 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.24 19:29:37 | 000,001,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\JPEG Recovery Pro 5.lnk
[2013.01.24 19:18:18 | 000,001,538 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\ShadowExplorer.lnk
[2013.01.24 17:43:32 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.24 17:13:35 | 000,463,362 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.24 17:13:35 | 000,444,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.24 17:13:35 | 000,086,298 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.24 17:13:35 | 000,072,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.23 15:05:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.19 17:08:23 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013.01.12 15:47:29 | 000,026,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\XDaspDaepDTeplTeXlT
[2013.01.09 21:04:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.09 14:31:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 14:31:43 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 13:58:24 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\Microsoft Office Word 2007.lnk
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.25 00:58:11 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.01.24 19:29:37 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\JPEG Recovery Pro 5.lnk
[2013.01.24 19:18:18 | 000,001,538 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Desktop\ShadowExplorer.lnk
[2013.01.24 19:06:58 | 2010,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.24 15:59:22 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 18:24:14 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012.02.18 10:52:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.03.18 18:40:45 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.03.18 18:40:45 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008.06.02 14:46:17 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2007.10.10 18:02:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.01.24 16:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator.NAME-4F52F3E5AD\Anwendungsdaten\Thunderbird
[2012.01.27 17:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2010.02.28 13:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.18 18:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.03.13 17:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Philips
[2008.09.19 12:57:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.09.25 11:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2010.09.24 13:18:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013.01.23 20:18:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011.02.19 10:08:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\HTC
[2011.07.27 16:51:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.07.29 18:22:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\ImgBurn
[2013.01.24 19:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\JPEGsnoop
[2008.08.26 11:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Klett
[2009.11.04 14:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\OpenOffice.org
[2011.05.29 13:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PC Suite
[2008.12.07 19:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\ScanSoft
[2011.01.10 19:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Thunderbird
[2013.01.24 19:18:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\www.shadowexplorer.com
[2011.12.20 19:21:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\.minecraft
[2011.01.13 16:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Amazon
[2013.01.24 15:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\AskToolbar
[2013.01.24 15:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\calibre
[2012.09.10 15:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\eBookConverter
[2011.03.25 18:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\HTC
[2011.02.18 22:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.03.02 18:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\ICQ
[2010.11.27 13:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\ImgBurn
[2008.12.10 15:28:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Klett
[2012.01.17 15:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\LaunchPad
[2012.07.12 18:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Leadertech
[2013.01.24 15:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\MSNInstaller
[2009.11.14 10:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\OpenOffice.org
[2011.02.24 16:45:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\PC Suite
[2011.05.28 19:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Samsung
[2010.09.18 17:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\ScanSoft
[2013.01.24 15:12:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TeamViewer
[2010.10.18 13:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Thunderbird
[2013.01.24 15:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\TS3Client
[2013.01.24 15:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Udxi
[2013.01.24 15:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Uwvue
[2010.09.25 11:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\WindSolutions
[2013.01.23 19:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Ycfyy
========== Purity Check ==========
< End of report >
--- --- ---
OTL.Extras
OTL Logfile: Code:
OTL Extras logfile created on: 25.01.2013 01:03:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Claudia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,28% Memory free
3,72 Gb Paging File | 2,89 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 68,95 Gb Free Space | 46,26% Space Free | Partition Type: NTFS
Computer Name: NAME-4F52F3E5AD | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"I:\ICQ7.0\ICQ.exe" = I:\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"I:\ICQ7.0\aolload.exe" = I:\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"E:\ICQ7.0\ICQ.exe" = E:\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"I:\ICQ7.0\ICQ.exe" = I:\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"I:\ICQ7.0\aolload.exe" = I:\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"E:\ICQ7.0\ICQ.exe" = E:\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"E:\Games\Others\GameData\BattlefrontII.exe" = E:\Games\Others\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\Eigene Dateien\iTunes.exe" = C:\Programme\iTunes\Eigene Dateien\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5797BB40-57F5-4CFC-89C3-1818058BB764}" = Sven Spielesammlung
"{5B079F85-A24D-4642-BF1A-32D5A6B3A003}" = calibre
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA9EB2CC-FFF0-498E-A784-21D2A77774F2}" = FORUM GesundheitsMedien GmbH Physiotherapie im Bild I-2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ePubDRMRemoval" = ePub DRM Removal
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JPEG Recovery Pro5.0" = JPEG Recovery Pro 5.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"ShadowExplorer_is1" = ShadowExplorer 0.9
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 3" = TeamViewer 3
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2054990761-2770904724-9636954-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.08.2012 09:31:03 | Computer Name = NAME-4F52F3E5AD | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 06.10.2012 12:30:50 | Computer Name = NAME-4F52F3E5AD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 11.0.0.4454, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.10.2012 12:58:35 | Computer Name = NAME-4F52F3E5AD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung thunderbird.exe, Version 14.0.0.4577, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 13.10.2012 12:59:55 | Computer Name = NAME-4F52F3E5AD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msimn.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.01.2013 10:05:41 | Computer Name = NAME-4F52F3E5AD | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 23.01.2013 11:27:26 | Computer Name = NAME-4F52F3E5AD | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 24.01.2013 12:29:47 | Computer Name = NAME-4F52F3E5AD | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 24.01.2013 12:29:47 | Computer Name = NAME-4F52F3E5AD | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 24.01.2013 12:29:47 | Computer Name = NAME-4F52F3E5AD | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 24.01.2013 17:49:42 | Computer Name = NAME-4F52F3E5AD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.70.0.9, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 24.01.2013 13:41:55 | Computer Name = NAME-4F52F3E5AD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
Error - 24.01.2013 13:42:02 | Computer Name = NAME-4F52F3E5AD | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 24.01.2013 14:11:33 | Computer Name = NAME-4F52F3E5AD | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
001644C0866E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 24.01.2013 17:53:55 | Computer Name = NAME-4F52F3E5AD | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 24.01.2013 19:35:59 | Computer Name = NAME-4F52F3E5AD | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
< End of report >
--- --- ---
3. Ergebnis CCleaner: Code:
360WavesPatcher (Client setup)
7-Zip 9.20 24.01.2013
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 28.05.2008
Adobe AIR Adobe Systems Incorporated 29.09.2011 2.7.1.19610
Adobe Digital Editions 25.01.2013
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 24.01.2013 11.5.502.146
Adobe Flash Player ActiveX Adobe Systems Incorporated 24.01.2013 9.0.124.0
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 09.01.2013 179,00MB 10.1.5
Amazon MP3-Downloader 1.0.9 13.01.2011
Apple Application Support Apple Inc. 20.06.2011 52,67MB 1.5.2
Apple Mobile Device Support Apple Inc. 20.06.2011 22,07MB 3.4.1.2
Apple Software Update Apple Inc. 21.02.2009 2,16MB 2.1.1.116
Avira AntiVir Personal - Free Antivirus Avira GmbH 23.01.2013 10.2.0.719
Avira SearchFree Toolbar plus WebGuard Ask.com 29.06.2011 3,64MB 1.12.2.0
AVS Update Manager 1.0 Online Media Technologies Ltd. 23.06.2011
AVS Video Converter 8 Online Media Technologies Ltd. 23.06.2011
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 23.06.2011
Bonjour Apple Inc. 21.04.2011 0,97MB 2.0.5.0
Brother MFL-Pro Suite Brother Industries, Ltd. 19.09.2008 1.00
Brother MFL-Pro Suite 27.08.2008 1.00.000
calibre Kovid Goyal 25.08.2012 135,00MB 0.8.66
CCleaner Piriform 23.01.2013 3.27
ePub DRM Removal eBook Converter 24.01.2013 1.4.1
FORUM GesundheitsMedien GmbH Physiotherapie im Bild I-2008 11.12.2009 I-2008
Free M4a to MP3 Converter 6.2 ManiacTools.com 10.03.2011
High Definition Audio Driver Package - KB888111 Microsoft Corporation 20040219.000000
HTC BMP USB Driver HTC 18.02.2011 0,35MB 1.0.5375
HTC Driver Installer HTC Corporation 29.09.2011 2,06MB 3.0.0.013
HTC Sync HTC 17.06.2011 41,05MB 3.0.5517
ImgBurn LIGHTNING UK! 28.07.2010 2.5.1.0
iTunes Apple Inc. 20.06.2011 144,00MB 10.3.1.55
IZArc 4.1 Ivan Zahariev 28.02.2010 4.1
Java(TM) 6 Update 23 Sun Microsystems, Inc. 01.03.2009 90,49MB 6.0.230
Java(TM) 6 Update 3 Sun Microsystems, Inc. 30.05.2008 111,00MB 1.6.0.30
Java(TM) 6 Update 5 Sun Microsystems, Inc. 30.05.2008 114,00MB 1.6.0.50
Java(TM) 6 Update 7 Sun Microsystems, Inc. 11.09.2008 114,00MB 1.6.0.70
JPEG Recovery Pro 5.0 e.World Technology Limited 24.01.2013 5.0
Logitech Webcam Software Logitech Inc. 12.07.2012 44,29MB 12.10.1113
Logitech Webcam Software-Treiberpaket Logitech Inc. 12.07.2012 12.10.1110
LPS 2009v 3.0 USB VVR 26.10.2010 LPS 2009v 3.0 USB
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 24.01.2013 1.70.0.1100
Microsoft .NET Framework 1.1 09.01.2013
Microsoft .NET Framework 1.1 German Language Pack Microsoft 10.10.2007 3,02MB 1.1.4322
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 10.10.2007
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 09.01.2013 184,00MB 2.2.30729
Microsoft .NET Framework 3.0 German Language Pack Microsoft Corporation 10.10.2007
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.01.2013 253,00MB 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.01.2013
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 30.05.2008 1
Microsoft Office Access 2003 Runtime Microsoft Corporation 09.01.2013 430,00MB 11.0.8173.0
Microsoft Office Enterprise 2007 Microsoft Corporation 09.01.2013 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 11,21MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.01.2013 0,49MB 2.0.4024.1
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 30.05.2008
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,11MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.09.2011 4,61MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.10.2009 0,15MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 10,20MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.10.2009 10,28MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.11.2010 10,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 10,20MB 9.0.30729.6161
MobileMe Control Panel Apple Inc. 28.04.2011 11,32MB 3.1.6.0
Mozilla Firefox 18.0.1 (x86 de) Mozilla 22.01.2013 18.0.1
Mozilla Maintenance Service Mozilla 23.01.2013 18.0.1
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 11.01.2013 17.0.2
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 20.09.2008 2,62MB 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 2,67MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 2,77MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 18.02.2011 2,87MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 14.07.2012 2,99MB 4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 3,01MB 4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 19.02.2011 2,99MB 4.30.2107.0
MSXML 6.0 Parser (KB933579) Microsoft Corporation 10.10.2007 1,31MB 6.10.1200.0
NAVIGON Fresh 3.4.1 NAVIGON 27.01.2012 3.4.1
Need for Speed™ Carbon
Nero 6 Demo 09.03.2011
OpenOffice.org 3.1 OpenOffice.org 04.11.2009 356,00MB 3.1.9420
PaperPort Image Printer Nuance Communications, Inc. 19.09.2008 1,98MB 1.00.0000
PC Connectivity Solution Nokia 18.03.2011 9,25MB 8.15.0.0
PE Builder 3.1.10a Bart Lagerweij
PhotoScape 16.10.2009
Picasa 3 Google, Inc. 01.03.2009 3.6
QuickTime Apple Inc. 24.12.2010 73,73MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.05.2008 5.10.0.5512
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 30.05.2008
REALTEK USB Wireless LAN Driver REALTEK Semiconductor Corp. 30.05.2008 6.1082.0504.2007
Safari Apple Inc. 21.04.2011 41,27MB 5.33.21.1
SAMSUNG Mobile Composite Device Software 18.03.2011
Samsung Mobile Modem Device Software 18.03.2011
SAMSUNG Mobile Modem Driver Set 18.03.2011
Samsung Mobile phone USB driver Software 18.03.2011
SAMSUNG Mobile USB Modem 1.0 Software 18.03.2011
SAMSUNG Mobile USB Modem Software 18.03.2011
SAMSUNG USB Mobile Device Software 18.03.2011
SamsungConnectivityCableDriver Samsung 18.03.2011 0,62MB 6.83.6.2.1
ScanSoft PaperPort 11 Nuance Communications, Inc. 19.09.2008 131,00MB 11.1.0000
SCHLECKER Foto Digital Service 27.07.2010
ShadowExplorer 0.9 ShadowExplorer.com 24.01.2013 0.9.462.0
Skype™ 5.10 Skype Technologies S.A. 06.09.2012 19,46MB 5.10.116
Sprachtrainer Fonts Ernst Klett Verlag GmbH 26.08.2008 0,90MB 1.00.01
SUPER © Version 2010.bld.42 (Nov 7, 2010) eRightSoft 15.11.2010 Version 2010.bld.42 (Nov 7, 2010)
Sven Spielesammlung 15.11.2009 1.00.0000
TeamSpeak 3 Client TeamSpeak Systems GmbH 25.01.2013
TeamViewer 3 TeamViewer GmbH 01.10.2008
VideoLAN VLC media player 0.8.6f VideoLAN Team 08.06.2008 0.8.6f
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 14.08.2010 1.0
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 21.09.2008
Windows Internet Explorer 8 Microsoft Corporation 30.06.2009 20090308.140743
Windows Media Format 11 runtime 24.09.2008
Windows Media Player 11 24.09.2008
Windows XP Service Pack 3 Microsoft Corporation 24.09.2008 20080414.031514
Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) MobileTop 18.03.2011 02/23/2007 2.5.0.0
Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) MobileTop 18.03.2011 02/23/2007 2.5.0.0
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 18.03.2011 10/12/2007 6.85.4.0
4. Ergebnis Hijackthis:
[code]
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:13:49, on 25.01.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Programme\ShadowExplorer\sesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Dokumente und Einstellungen\Claudia\Eigene Dateien\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Programme\ShadowExplorer\sesvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe
--
End of file - 7946 bytes
--- --- ---
Vielen Dank im Voraus!!! |
