
Pests of all kinds and how to fight them: Trojan.Heur - What to do?

Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

Old 18.07.2012, 14:07   #1
epicyoda
 

Trojan.Heur - What to do?



Hello everyone,

About 3 weeks ago I started having problems with my laptop, because the internet connection kept dropping for 1-10 minutes at a time.
At first I had no time to look into it (holiday etc.) until an acquaintance pointed out to me that a Trojan could also be to blame.

I use the free version of Avira, but it found nothing.
Same with TrojanRemover.
Only on bitdefender.com was I told that I am infected with the Trojan
"Trojan.Heur.FU.hqX@aeV!k0".

But I can't find anything online about this Trojan, and I am a complete layman, so I don't know how I should proceed now.

I use Windows 7 Professional 64bit

OTL:
Quote:
OTL logfile created on: 17.07.2012 16:19:02 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\simon\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,13% Memory free
7,93 Gb Paging File | 6,60 Gb Available in Paging File | 83,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252,89 Gb Total Space | 191,54 Gb Free Space | 75,74% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,48 Gb Free Space | 97,48% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.17 16:18:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\simon\Desktop\OTL.exe
PRC - [2012.07.17 16:06:23 | 123,372,672 | ---- | M] () -- C:\Users\simon\Desktop\setup_11.0.0.1245.x01_2012_03_08_15_08.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.08 15:10:02 | 000,717,296 | ---- | M] () -- C:\Users\simon\AppData\Local\Temp\RarSFX0\9898048.exe
PRC - [2009.10.31 03:01:00 | 000,239,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.17 16:06:23 | 123,372,672 | ---- | M] () -- C:\Users\simon\Desktop\setup_11.0.0.1245.x01_2012_03_08_15_08.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.12 08:50:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.20 09:09:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.31 03:01:00 | 000,239,720 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.11.25 13:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.03.22 03:22:25 | 000,058,896 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2009.09.14 19:40:28 | 000,259,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.08.21 06:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009.07.16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 19:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.26 00:12:40 | 001,164,656 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2009.06.15 04:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.31 03:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.19 15:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.03.20 02:02:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:02:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.08.06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 09:09:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.10 22:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.04 12:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.10.13 13:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\simon\AppData\Roaming\mozilla\Extensions
[2010.10.13 13:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\simon\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.17 15:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\simon\AppData\Roaming\mozilla\Firefox\Profiles\jfdw885p.default\extensions
[2012.07.17 15:30:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\simon\AppData\Roaming\mozilla\Firefox\Profiles\jfdw885p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.04 11:00:52 | 000,000,853 | ---- | M] () -- C:\Users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\jfdw885p.default\searchplugins\11-suche.xml
[2012.06.04 11:00:52 | 000,002,209 | ---- | M] () -- C:\Users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\jfdw885p.default\searchplugins\englische-ergebnisse.xml
[2012.06.04 11:00:52 | 000,010,506 | ---- | M] () -- C:\Users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\jfdw885p.default\searchplugins\gmx-suche.xml
[2012.06.04 11:00:52 | 000,002,368 | ---- | M] () -- C:\Users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\jfdw885p.default\searchplugins\lastminute.xml
[2012.06.04 11:00:52 | 000,005,489 | ---- | M] () -- C:\Users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\jfdw885p.default\searchplugins\webde-suche.xml
[2012.01.07 15:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 09:09:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.20 09:09:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 09:09:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 09:09:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 09:09:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 09:09:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 09:09:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files (x86)\PokerStars.TEST\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\simon\Desktop\WPT Poker.lnk File not found
O9 - Extra 'Tools' menuitem : WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\simon\Desktop\WPT Poker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E220381-9FE4-454D-9CCD-30711CFB36FD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD30BB1C-0F16-4B2F-BDA8-7330D1B70ADB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7150992b-bcc9-11df-8901-705ab661c1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{7150992b-bcc9-11df-8901-705ab661c1fc}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 16:18:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\simon\Desktop\OTL.exe
[2012.07.17 16:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.17 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\simon\Documents\Simply Super Software
[2012.07.17 15:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.17 15:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.17 15:49:55 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Roaming\Simply Super Software
[2012.07.17 15:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.17 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Roaming\QuickScan
[2012.07.01 20:31:36 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Roaming\Avira
[2012.07.01 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.01 20:26:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.07.01 20:26:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.07.01 20:26:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.07.01 20:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.01 20:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.23 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\simon\AppData\Local\Macromedia
[2012.06.20 11:06:51 | 000,000,000 | ---D | C] -- C:\Users\simon\Desktop\Bilder
[1 C:\Users\simon\Desktop\*.tmp files -> C:\Users\simon\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.17 16:18:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\simon\Desktop\OTL.exe
[2012.07.17 16:18:14 | 000,000,000 | ---- | M] () -- C:\Users\simon\defogger_reenable
[2012.07.17 16:17:56 | 000,050,477 | ---- | M] () -- C:\Users\simon\Desktop\Defogger.exe
[2012.07.17 16:06:23 | 123,372,672 | ---- | M] () -- C:\Users\simon\Desktop\setup_11.0.0.1245.x01_2012_03_08_15_08.exe
[2012.07.17 15:50:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 15:49:58 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.17 15:30:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 14:13:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.17 09:32:04 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:32:04 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 09:24:26 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 09:24:07 | 3193,380,864 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 18:55:28 | 000,097,243 | ---- | M] () -- C:\Users\simon\Desktop\598794_313664925394436_261846332_n.jpg
[2012.07.11 15:49:46 | 000,427,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.07.01 20:24:35 | 099,308,192 | ---- | M] () -- C:\Users\simon\Desktop\avira_free_antivirus_de12001125.exe
[2012.06.26 15:25:40 | 039,325,327 | ---- | M] () -- C:\Users\simon\Desktop\pokertracker-backup.zip
[2012.06.20 16:55:04 | 000,007,600 | ---- | M] () -- C:\Users\simon\AppData\Local\Resmon.ResmonCfg
[1 C:\Users\simon\Desktop\*.tmp files -> C:\Users\simon\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.17 16:18:14 | 000,000,000 | ---- | C] () -- C:\Users\simon\defogger_reenable
[2012.07.17 16:17:55 | 000,050,477 | ---- | C] () -- C:\Users\simon\Desktop\Defogger.exe
[2012.07.17 15:57:31 | 123,372,672 | ---- | C] () -- C:\Users\simon\Desktop\setup_11.0.0.1245.x01_2012_03_08_15_08.exe
[2012.07.17 15:49:58 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.17 15:49:57 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll
[2012.07.17 15:49:56 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll
[2012.07.16 18:55:28 | 000,097,243 | ---- | C] () -- C:\Users\simon\Desktop\598794_313664925394436_261846332_n.jpg
[2012.07.01 20:05:11 | 099,308,192 | ---- | C] () -- C:\Users\simon\Desktop\avira_free_antivirus_de12001125.exe
[2012.06.26 15:22:50 | 039,325,327 | ---- | C] () -- C:\Users\simon\Desktop\pokertracker-backup.zip
[2012.04.11 14:34:14 | 000,004,959 | ---- | C] () -- C:\ProgramData\oinwddee.jeg
[2012.01.23 20:03:40 | 000,000,031 | ---- | C] () -- C:\windows\Equilab.INI
[2011.10.14 11:56:17 | 000,025,016 | ---- | C] () -- C:\windows\War3Unin.dat
[2011.04.03 17:02:01 | 000,000,045 | ---- | C] () -- C:\Users\simon\AppData\Local\machpro.dat
[2011.02.07 20:50:52 | 000,007,600 | ---- | C] () -- C:\Users\simon\AppData\Local\Resmon.ResmonCfg
[2010.10.14 23:02:07 | 000,001,578 | ---- | C] () -- C:\windows\wininit.ini
[2010.10.13 13:21:22 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010.09.11 15:00:34 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010.08.31 16:58:10 | 000,000,000 | ---- | C] () -- C:\windows\HMHud.INI
[2010.08.22 15:56:50 | 000,000,035 | ---- | C] () -- C:\windows\SIERRA.INI

========== LOP Check ==========

[2010.08.23 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.01.21 21:12:11 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\DVDVideoSoft
[2012.01.21 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.05 16:33:23 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\GameRanger
[2012.04.19 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\GetRightToGo
[2011.06.29 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\HEM Data
[2012.04.10 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\HoldemManager
[2012.01.02 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\ICQ
[2011.02.25 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\IrfanView
[2010.08.31 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\postgresql
[2012.07.17 15:30:37 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\QuickScan
[2011.08.01 11:27:19 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\Roaming
[2012.07.17 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\Simply Super Software
[2010.10.13 13:21:19 | 000,000,000 | ---D | M] -- C:\Users\simon\AppData\Roaming\Thunderbird
[2012.06.30 10:21:56 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
OTL - Extras
Quote:
OTL Extras logfile created on: 17.07.2012 16:19:02 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\simon\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,13% Memory free
7,93 Gb Paging File | 6,60 Gb Available in Paging File | 83,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252,89 Gb Total Space | 191,54 Gb Free Space | 75,74% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,48 Gb Free Space | 97,48% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080F65F1-71A7-4A31-AE99-1BE045C12E13}" = lport=139 | protocol=6 | dir=in | app=system |
"{08429161-8699-438F-B8CE-EE521D94D3CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C9350BD-C7C7-4A4A-83D3-B242F88BC8F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A4FD00-865F-4637-A340-99A8544F06C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{37C52BC9-9A3F-4A8E-968A-6BA16E7C9EFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{394A6567-722E-48EB-A1C8-CBD11B002CC2}" = rport=137 | protocol=17 | dir=out | app=system |
"{39AFFE0A-6B32-463F-90EC-3126C81A4D25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4316ED08-18BD-484A-BE23-F8BF49DDBC5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50205A9B-C467-417B-84C7-80319426E9D9}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{58F3C28D-31AD-4E95-952D-DFD265CEAE92}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AA93560-62B2-4596-A4DF-D69E8DCE2BA6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D0BDAFD-FA78-4B2F-869B-CC92C3B876F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{88E82442-6AB8-47C0-9E96-AA29E3F602D8}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A37CAD7-3193-4B32-80C6-4D79A25C98FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6AE4F90-3631-4DF3-A3DF-9BA05FBABCCE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D2B382E5-A68F-4438-AD61-CF46981E7580}" = rport=445 | protocol=6 | dir=out | app=system |
"{E646F699-773F-42AA-BED2-5A883E189A1D}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B9155-C035-4B14-A2EA-F362B92748FE}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{0210BA5B-DF71-46C3-8F3A-0E856D0DB680}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{034FBCBD-523C-487E-94BB-99172511A3F0}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{1E936D0D-6E02-4DF1-A19A-6B1CC77BB17C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{222C81A0-3D7C-497A-A50D-C52172101913}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35B902B7-88ED-4AED-A1D7-B160AF0752C3}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{477FA936-E804-45C4-A883-8B262CFE0FE6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{4C1B83DC-B586-4385-9A35-545B347153C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{545890FE-F80C-431C-B8D0-28CC8E405EF4}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{54C419C1-0D03-403D-84BD-0A5A09F2C4F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{579286AD-F526-45AF-96E8-394C556E1039}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{59E981D2-BB35-4E8E-9148-3C0D8B738EFE}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{5B077585-6E80-46D2-A4C5-A86EBC03746F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5EBC9B13-D8D2-42AA-BE06-F640EAB64725}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7311270A-E45C-4502-A329-788638067176}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{78CF153D-9C7F-49C8-81F8-363DE6CF2047}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{7B4ED235-362D-4881-AA76-72197B6DA3F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E28CC3A-491B-4EEB-B44E-40EF3247ED76}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{8201308F-BE8B-482D-AFF7-5E791F88E3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{83D84AEF-F22E-4875-BACD-AC3A205F8374}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{83F42117-DEF5-4C5E-A9E0-EBF9B68155D5}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{84951422-40C8-48FD-B090-32B50F85B483}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{8A67B48A-F9D9-46D1-9B9A-2E3B822F6F35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{996690A6-1A29-4B6C-BDE8-3CC1D8B8A808}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB702031-41C6-459F-A138-0DF9E07BF001}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{C2A403A2-809B-465F-A85D-0B86E902C6EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C568F8BC-BE4E-4F19-A75A-1F001F0B5AE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D94B4CBF-893D-4245-BC57-3FBB5B9EBE32}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{DC027FC7-4B9B-40BC-A182-CE6FE5BF5A2C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E16B579F-561D-4F39-B55D-5E48B27820DD}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{E8630CE7-7E83-4F09-B595-81146643C509}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{F802B164-099C-42E7-A6A0-44DF9CC018E1}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{FF1C9863-1552-4388-B937-2B3D8548C099}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{03C4E82A-B527-4B6C-99C6-F05ABC87F27B}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"TCP Query User{6A32BA3D-B36D-4359-9C4F-F400F0AE9784}C:\program files (x86)\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 2\cod2mp_s.exe |
"TCP Query User{AC03A996-2DF5-434C-ACC4-8408F9AA353F}C:\program files (x86)\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{AE893C83-A9C6-4130-AA24-AE7AAFD3BB8A}C:\program files (x86)\warcraft iii an bommelsultra\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii an bommelsultra\war3.exe |
"TCP Query User{D42750D6-9CEF-47FA-8B84-354862F5C766}C:\program files (x86)\24hpoker\pokerclient\24hpoker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\24hpoker\pokerclient\24hpoker.exe |
"TCP Query User{FFCF5E40-FFB2-4FDD-928E-23614B8C890D}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{2A76A245-F487-456E-B28B-D1E4D13BCFB0}C:\program files (x86)\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 2\cod2mp_s.exe |
"UDP Query User{37E7C79A-2E3F-4CA5-B0C2-FF543BAD837B}C:\program files (x86)\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{88980C06-8AD5-45D1-93E7-B268876A815D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"UDP Query User{99CB7380-B924-4050-B586-FC089DFA378F}C:\program files (x86)\24hpoker\pokerclient\24hpoker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\24hpoker\pokerclient\24hpoker.exe |
"UDP Query User{B12D4FE3-29BC-45BD-B58E-56DE2255AA1F}C:\program files (x86)\warcraft iii an bommelsultra\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii an bommelsultra\war3.exe |
"UDP Query User{E2826912-3708-4456-9631-EE7702AA6816}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Betfair Poker_is1" = Betfair Poker 1.0.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"EasyCapture4.0" = EasyCapture
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HoldemManager" = Holdem Manager
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"IrfanView" = IrfanView (remove only)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerTracker4" = PokerTracker 4 (remove only)
"PostgreSQL 8.4" = PostgreSQL 8.4
"PROHYBRIDR" = 2007 Microsoft Office system
"TestPokerStars.com" = TestPokerStars.com
"Titan Poker" = Titan Poker
"Trojan Remover_is1" = Trojan Remover 6.8.4
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"William Hill Poker" = William Hill Poker
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WPTPoker" = WPT Poker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d1821d843d27af9f" = PokerStrategy.com SideKick

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.07.2012 08:38:39 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:39 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:39 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94956 1 100 10 1787 83447601219 2012/07/17 12:37:10 2012/07/17 12:38:39 5 5 0 0 0 100.00 0.00 0.00 0..."
2012-07-17
14:38:39 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:41 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:41 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:41 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94959 1 100 10 1788 83447544165 2012/07/17 12:35:25 2012/07/17 12:38:41 5 5 0 0 0 100.00 0.00 0.00 0..."
2012-07-17
14:38:41 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:41 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:41 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:41 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94960 1 100 10 1788 83447550501 2012/07/17 12:35:37 2012/07/17 12:38:41 5 5 2 2 2 100.00 97.00 97.00..."
2012-07-17
14:38:41 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:41 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:41 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:41 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94961 1 100 10 1788 83447585850 2012/07/17 12:36:42 2012/07/17 12:38:41 6 6 0 0 0 40.00 0.00 0.00 0...."
2012-07-17
14:38:41 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:41 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:41 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:41 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94962 1 100 10 1788 83447598580 2012/07/17 12:37:05 2012/07/17 12:38:41 5 5 0 0 0 39.00 0.00 0.00 0...."
2012-07-17
14:38:41 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:42 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:42 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:42 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94963 1 100 10 1789 83447533006 2012/07/17 12:35:04 2012/07/17 12:38:42 6 6 0 0 0 103.16 0.00 0.00 0..."
2012-07-17
14:38:42 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:42 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:42 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:42 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94964 1 100 10 1789 83447543849 2012/07/17 12:35:25 2012/07/17 12:38:42 6 6 0 0 0 104.66 0.00 0.00 0..."
2012-07-17
14:38:42 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:42 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:42 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:42 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94965 1 100 10 1789 83447549887 2012/07/17 12:35:36 2012/07/17 12:38:42 6 6 0 0 0 105.16 0.00 0.00 0..."
2012-07-17
14:38:42 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:38:42 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description = 2012-07-17 14:38:42 CESTERROR: duplicate key value violates unique
constraint "ohs-unique_hand_no" 2012-07-17 14:38:42 CESTCONTEXT: COPY cash_hand_summary,
line 1: "94966 1 100 10 1789 83447560461 2012/07/17 12:35:55 2012/07/17 12:38:42 6 6 2 2 2 104.66 98.16 91.72..."
2012-07-17
14:38:42 CESTSTATEMENT: COPY cash_hand_summary FROM STDIN;

Error - 17.07.2012 08:54:08 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description =

Error - 17.07.2012 09:00:28 | Computer Name = simon-PC | Source = PostgreSQL | ID = 0
Description =

[ System Events ]
Error - 11.07.2012 16:11:00 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 12.07.2012 02:23:26 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 12.07.2012 12:52:44 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 12.07.2012 15:38:05 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 14.07.2012 02:25:41 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 14.07.2012 02:59:20 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 14.07.2012 07:33:43 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 14.07.2012 19:50:22 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 16.07.2012 14:20:56 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 17.07.2012 03:24:30 | Computer Name = simon-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2


< End of report >
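The OTL file listing above prints one line per file: timestamp, size, four attribute flags, a C/M (created/modified) marker, the company name in parentheses and the path. As an added example, not part of this thread and not how the helpers here worked the case, the following Python parses lines in that format and applies three cheap triage heuristics an analyst would use to decide which entries to look at first. The sample lines are copied from the report above; the extension list and directory lists are assumptions. A hit means "inspect this file", not that it is malicious: the thread does not establish what any of these files is.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file-listing line, e.g.
# [2012.04.11 14:34:14 | 000,004,959 | ---- | C] () -- C:\ProgramData\oinwddee.jeg
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions that are unremarkable in the locations checked below (assumption; extend as needed).
KNOWN_EXT = {".ini", ".dat", ".txt", ".log", ".xml", ".cfg", ".job", ".lnk", ".zip",
             ".jpg", ".png", ".exe", ".dll", ".sys", ".tmp"}
# Directories droppers favour because an unprivileged user can write there (assumption).
STAGING_DIRS = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")
# Windows system directories where third-party files deserve a second look.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\sysnative\\")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # four flags as OTL prints them, e.g. "-HS-" (hidden + system)
    kind: str       # C = created, M = modified
    company: str    # empty string when the file carries no company name
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for headers, blanks and directory entries."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"].strip(), m["path"])


def reasons_for(e: OtlEntry) -> List[str]:
    """Triage heuristics; each hit is a reason to inspect the file, not a verdict."""
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    in_staging = any(d in low for d in STAGING_DIRS)
    in_system = any(d in low for d in SYSTEM_DIRS)
    out = []
    if in_staging and ext not in KNOWN_EXT:
        out.append("unusual extension in user-writable staging directory")
    if "H" in e.attrs and in_system:
        out.append("hidden file in a system directory")
    if ext in (".exe", ".dll") and not e.company and (in_staging or in_system):
        out.append("binary without company name outside Program Files")
    return out


def triage(lines) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every parsable line that triggers at least one heuristic."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        r = reasons_for(e)
        if r:
            flagged[e.path] = r
    return flagged


# Sample input: lines copied from the OTL file listing in this thread.
SAMPLE = """
[2012.07.17 15:49:56 | 000,153,088 | ---- | C] () -- C:\\windows\\SysWow64\\UNRAR3.dll
[2012.04.11 14:34:14 | 000,004,959 | ---- | C] () -- C:\\ProgramData\\oinwddee.jeg
[2012.01.23 20:03:40 | 000,000,031 | ---- | C] () -- C:\\windows\\Equilab.INI
[2010.09.11 15:00:34 | 000,000,056 | -H-- | C] () -- C:\\windows\\SysWow64\\ezsidmv.dat
[2012.07.11 15:49:46 | 000,427,928 | ---- | M] () -- C:\\windows\\SysNative\\FNTCACHE.DAT
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path)
        for w in why:
            print("   -", w)
```

The heuristics are deliberately simple so the output stays short; what they buy is a shortlist to check against the detection path the scanner reports, which is exactly the piece of information markusg asks for in the next post.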

Alt 19.07.2012, 17:57   #2
markusg
/// Malware-holic
 
Hi, well, we can't do much with that either; the detection report, including the path, would be helpful :-)

Alt 19.07.2012, 23:39   #3
epicyoda
 
Yes, that is the problem. On bitdefender.com only the name of the trojan was given.
Where it is located, however, I could not find out anywhere.
On a second scan on bitdefender.com, strangely, nothing was found.

Sorry for the double post, but today I ran a full scan with bitdefender.com and 4 infections were reported.

2 of them were deleted immediately and 2 were quarantined.

These two were found in two different Thunderbird directories and are named:

Generic.Malware.dld!!.D6E2E93D

The two deleted infections began, as in my first post, with Trojan.Heur.

Afterwards Bitdefender also reported that my laptop is now virus-free. Is that really the case?

Alt 25.07.2012, 21:23   #4
markusg
/// Malware-holic
 
hi
lösche mal alle mails aus thunderbird, die du nicht brauchst, dann papierkorb leeren und ordner komprimieren
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet
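Why the advice above works: Thunderbird stores each mail folder as one mbox file in the profile, and deleting a message only marks it as deleted inside that file; the bytes of the message and its attachment stay there until "Compact Folders" rewrites the file, so a scanner that flags a Thunderbird directory is flagging an attachment inside such a folder file. As an added example, not part of the original thread and not Thunderbird's or BitDefender's code, the following Python script uses the standard-library mailbox module to walk an mbox file, list every attachment with its sender, subject, size and SHA-256, and flag executable-style names such as "Rechnung_4711.pdf.exe". This lets one identify the offending message before deleting it and compare the hash with what the scanner reported. The mailbox, the messages and the RISKY_EXTENSIONS list are constructed for the example; the "attachment" is a few placeholder bytes, not a real executable.

```python
import hashlib
import mailbox
import os
import shutil
import tempfile
from email.message import EmailMessage
from email.utils import formatdate

# Attachment extensions worth flagging in a mail store (an assumption for this example; extend as needed).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                    ".vbs", ".vbe", ".wsf", ".jar", ".zip", ".rar"}


def is_risky_name(filename):
    """True if the attachment's final extension is risky (catches double extensions like 'invoice.pdf.exe')."""
    return os.path.splitext(filename or "")[1].lower() in RISKY_EXTENSIONS


def sha256_hex(data):
    """Hex SHA-256 of the decoded attachment bytes, for comparison with a scanner's report."""
    return hashlib.sha256(data).hexdigest()


def build_sample_mbox(path):
    """Write a constructed two-message mbox: one plain mail, one with a harmless fake '.exe' attachment."""
    box = mailbox.mbox(path)
    m1 = EmailMessage()
    m1["From"] = "alice@example.test"
    m1["To"] = "simon@example.test"
    m1["Subject"] = "Holiday photos?"
    m1["Date"] = formatdate(0)
    m1.set_content("Send me the photos when you are back.")
    box.add(m1)
    m2 = EmailMessage()
    m2["From"] = "billing@example.test"
    m2["To"] = "simon@example.test"
    m2["Subject"] = "Invoice 4711"
    m2["Date"] = formatdate(0)
    m2.set_content("Please see the attached invoice.")
    # Constructed placeholder bytes, not a real executable: an "MZ" marker followed by padding.
    m2.add_attachment(b"MZ" + b"\x00" * 62, maintype="application", subtype="octet-stream",
                      filename="Rechnung_4711.pdf.exe")
    box.add(m2)
    box.flush()
    box.close()
    return path


def scan_mbox(path):
    """Return one record per attachment found in the mbox: message index, subject, sender, name, size, hash, risky."""
    results = []
    box = mailbox.mbox(path)
    try:
        for idx, msg in enumerate(box):
            for part in msg.walk():
                if part.get_content_maintype() == "multipart":
                    continue
                filename = part.get_filename()
                if not filename and part.get_content_disposition() != "attachment":
                    continue  # inline body text, not an attachment
                payload = part.get_payload(decode=True) or b""
                results.append({
                    "index": idx,
                    "subject": msg.get("Subject", ""),
                    "sender": msg.get("From", ""),
                    "filename": filename,
                    "size": len(payload),
                    "sha256": sha256_hex(payload),
                    "risky": is_risky_name(filename),
                })
    finally:
        box.close()
    return results


def demo():
    """Build the constructed mailbox in a temporary directory, scan it and return the attachment records."""
    workdir = tempfile.mkdtemp()
    try:
        return scan_mbox(build_sample_mbox(os.path.join(workdir, "Inbox")))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for r in demo():
        flag = "RISKY" if r["risky"] else "ok"
        print(f"[{flag}] msg #{r['index']} '{r['subject']}' from {r['sender']}: "
              f"{r['filename']} ({r['size']} bytes) sha256={r['sha256']}")
```

Run scan_mbox against a copy of the folder file (for example the file named Inbox under the account's directory in the Thunderbird profile) with Thunderbird closed, and never open the attachments themselves; the script only decodes them in memory to hash them. After the flagged messages are deleted, the folder must be compacted before a rescan, or the scanner will find the same bytes again.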

26.07.2012, 12:53   #5
epicyoda

Good, done.

How do we proceed?


26.07.2012, 12:55   #6
markusg
/// Malware-holic

Please scan again.