
All kinds of pests and how to fight them: Trojan "TR/Jorik.Banker.bfu"

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

17.08.2012, 16:42   #1
arno77
 

Trojan "TR/Jorik.Banker.bfu"



Scan with the OTL tool:

Contents of OTL.exe:

OTL logfile created on: 17.08.2012 16:25:17 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,98% Memory free
7,73 Gb Paging File | 6,49 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,57 Gb Total Space | 397,55 Gb Free Space | 87,84% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 94,91 Mb Free Space | 95,85% Space Free | Partition Type: FAT32
Drive G: | 967,45 Mb Total Space | 849,63 Mb Free Space | 87,82% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (msiserver) -- C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/br/ie9_startpage
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes,DefaultScope = {5F13BC8E-F65A-4734-8767-40DB7FB1B6F7}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=0D45F4D001CB3BBC00703A05&install_time=2010-08-14T14:22:00Z&src_id=11429&camp_id=-3&tb_version=2.5.15000.521
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{5F13BC8E-F65A-4734-8767-40DB7FB1B6F7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_deDE463
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{B771E473-3757-429D-B9C0-B2EBEC345744}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyogOLQhIM
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\SearchScopes\{E26F4B67-509C-4488-9179-F144953425C6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010.10.02 15:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.02 15:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.14 21:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2933593867-1646594388-1835323612-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A853B8AE-8103-420B-B79C-D947E0C8DBAF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.17 16:24:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus
[2012.08.14 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.08.14 22:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012.08.14 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.14 21:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.14 21:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.14 21:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.08.14 21:53:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.01 19:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTP2 Addons
[2012.08.01 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skip-Bo
[2012.08.01 16:08:47 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.08.01 16:08:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.08.01 16:08:47 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.08.01 16:08:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.08.01 16:08:46 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.08.01 16:08:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.08.01 16:08:46 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012.08.01 16:08:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.08.01 16:08:46 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.08.01 16:08:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.08.01 16:08:45 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012.08.01 16:08:45 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.08.01 16:08:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.08.01 16:08:45 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012.08.01 16:08:45 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.08.01 16:08:45 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.08.01 16:08:45 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.08.01 16:08:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.08.01 16:08:44 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.08.01 16:08:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.08.01 16:08:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012.08.01 16:08:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.08.01 16:08:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.08.01 16:08:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012.08.01 16:08:43 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012.08.01 16:08:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.08.01 16:08:43 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012.08.01 16:08:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.08.01 16:08:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.08.01 16:08:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012.08.01 16:08:43 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.08.01 16:08:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.08.01 16:08:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.08.01 16:08:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.08.01 16:08:42 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012.08.01 16:08:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.08.01 16:08:42 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.08.01 16:08:42 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.08.01 16:08:42 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012.08.01 16:08:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012.08.01 16:08:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.08.01 16:08:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.08.01 16:08:41 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012.08.01 16:08:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.08.01 16:08:41 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.08.01 16:08:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.08.01 16:08:41 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012.08.01 16:08:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.08.01 16:08:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.08.01 16:08:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012.08.01 16:08:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.08.01 16:08:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.08.01 16:08:40 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012.08.01 16:08:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.08.01 16:08:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012.08.01 16:08:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.08.01 16:08:38 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.08.01 16:08:38 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.08.01 16:08:38 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012.08.01 16:08:38 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.08.01 16:08:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.08.01 16:08:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.08.01 16:08:37 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.08.01 16:08:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.08.01 16:08:37 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.08.01 16:08:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.08.01 16:08:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.08.01 16:08:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.08.01 16:08:37 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.08.01 16:08:37 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.08.01 16:08:37 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.08.01 16:08:37 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.08.01 16:08:36 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.08.01 16:08:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.08.01 16:08:36 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.08.01 16:08:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.08.01 16:08:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.08.01 16:08:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.08.01 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Einfach Spielen
[2012.08.01 16:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einfach Spielen
[2012.08.01 16:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Einfach_Spielen
[2012.08.01 15:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2012.08.01 15:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.08.01 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2012.07.28 12:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Keseling
[2012.07.28 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.07.28 10:47:10 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.07.28 10:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.07.28 10:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3.4 (de) Installation Files
[2012.07.28 09:38:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.07.28 09:38:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.07.27 12:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran
[2012.07.27 12:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auran
[2012.07.27 09:58:10 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.07.27 09:58:10 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.07.27 09:58:09 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.07.27 09:58:09 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.07.27 09:58:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.07.27 09:58:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.07.27 09:58:09 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.07.27 09:58:09 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.07.27 09:58:08 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.07.27 09:58:08 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.07.27 09:58:08 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.07.27 09:58:08 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.07.27 09:58:07 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.07.27 09:58:07 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.07.27 09:58:07 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.07.27 09:58:07 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.07.27 09:58:05 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.07.27 09:58:05 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.07.27 09:58:05 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.07.27 09:58:05 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.07.27 09:58:04 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.07.27 09:58:04 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.07.27 09:58:03 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.07.27 09:58:03 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.07.27 09:58:03 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.07.27 09:58:03 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.07.27 09:58:02 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.07.27 09:58:02 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.07.27 09:58:02 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.07.27 09:58:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.07.27 09:58:00 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.07.27 09:58:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.07.27 09:57:54 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.07.27 09:57:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.07.27 09:57:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.07.27 09:57:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.07.27 09:57:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.07.27 09:57:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.07.27 09:57:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.07.27 09:57:52 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.07.27 09:57:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.07.27 09:57:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.07.27 09:57:51 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.07.27 09:57:51 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.07.27 09:57:49 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.07.27 09:57:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.07.27 09:57:48 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.07.27 09:57:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.07.27 09:57:46 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.07.27 09:57:46 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.07.27 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ShipSim2008 UserData
[2012.07.27 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
[2012.07.27 09:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
[2012.07.27 09:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstep
[2012.07.27 09:42:31 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.17 16:15:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 16:15:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 16:08:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 16:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 16:07:55 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 19:03:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 17:48:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.05 17:48:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 10:31:11 | 000,397,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.01 16:09:39 | 000,002,167 | ---- | M] () -- C:\Users\***\Desktop\Skip-Bo spielen.lnk
[2012.08.01 16:09:39 | 000,001,070 | ---- | M] () -- C:\Users\***\Desktop\Spielkiste.lnk
[2012.08.01 15:33:17 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\Chuzzle Deluxe.lnk
[2012.07.28 11:47:54 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Starte PTP2.lnk
[2012.07.28 11:36:37 | 000,001,249 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dokumente.lnk
[2012.07.28 10:49:37 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.07.28 09:55:52 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.27 10:42:54 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.02 10:31:01 | 000,397,504 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.01 16:02:39 | 000,002,167 | ---- | C] () -- C:\Users\***\Desktop\Skip-Bo spielen.lnk
[2012.08.01 16:02:39 | 000,001,070 | ---- | C] () -- C:\Users\***\Desktop\Spielkiste.lnk
[2012.08.01 15:33:17 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\Chuzzle Deluxe.lnk
[2012.07.28 11:47:54 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Starte PTP2.lnk
[2012.07.28 11:36:37 | 000,001,249 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dokumente.lnk
[2012.07.28 10:47:10 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.07.27 10:39:50 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk
[2012.06.01 15:30:12 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.01.21 20:06:34 | 000,007,648 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.01.21 18:03:07 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{34C74D91-DC79-4668-9A56-DE0C93EF610E}
[2011.10.16 10:58:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.06.29 20:33:48 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{935F87AB-9E0B-4601-A6BB-6493269CD5AD}
[2011.06.28 22:48:24 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B0D3D3DE-6E89-48C2-8AB5-198F953F1E4B}
[2011.04.21 09:12:06 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml
[2011.04.07 20:08:12 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{179E027A-EA4A-43D7-9755-4E4237726C01}.dat
[2011.04.07 20:06:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.28 18:05:17 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
[2011.02.28 18:05:15 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
[2010.11.16 21:07:10 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2010.06.09 10:15:52 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.12.09 17:23:13 | 000,050,728 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2011.10.05 20:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH
[2010.07.19 21:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.07.28 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2012.06.01 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.10.16 11:00:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.11 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies
[2010.11.16 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\newfolder3
[2012.07.28 10:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.08.01 16:11:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skip-Bo
[2011.12.15 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Systweak
[2010.06.09 10:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.06.03 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2010.10.02 15:48:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2012.06.01 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2010.06.09 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2010.06.09 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.06.01 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2010.06.08 13:02:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
[2012.06.03 10:04:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extra.exe

OTL Extras logfile created on: 17.08.2012 16:25:17 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop\Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,98% Memory free
7,73 Gb Paging File | 6,49 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,57 Gb Total Space | 397,55 Gb Free Space | 87,84% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 94,91 Mb Free Space | 95,85% Space Free | Partition Type: FAT32
Drive G: | 967,45 Mb Total Space | 849,63 Mb Free Space | 87,82% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C5AFD7-6716-4F7F-A245-0045AF853F9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0880D7CE-746D-4E43-A43D-1B4EDB1C8A04}" = lport=137 | protocol=17 | dir=in | app=system |
"{093C6D06-AA6F-49D0-8C18-137503C16090}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{09CE5FF5-AC9A-4595-8E6D-83B7E15F7395}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{161504A8-7A3B-422D-9B36-2C74D26A4D95}" = lport=138 | protocol=17 | dir=in | app=system |
"{24DE1855-CF98-4C2A-95D3-81B82577F166}" = lport=445 | protocol=6 | dir=in | app=system |
"{39608D99-21B9-483A-9F85-1FF4BEB9EE36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41F69079-E624-4527-8061-89A35D445F59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B0B4204-63AB-414B-88BB-8E12FBB19ECD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E19BFD7-A06C-4F40-A961-383B3ECBF037}" = lport=139 | protocol=6 | dir=in | app=system |
"{60CF3535-E6EB-443F-AB37-D5946D2D0E2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D981B7-E765-4C46-8DA4-9D513C4B7916}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7385A613-53D1-41AE-8747-7D39AD089986}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{75949792-3E95-4671-ADEE-8D6FEB07971B}" = rport=138 | protocol=17 | dir=out | app=system |
"{75B1167E-C124-4870-BBF5-285669728773}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8939AE83-5FE4-4841-B3EF-3C5FAFFDE914}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8A27BAE6-3685-4686-BD91-C3232957C636}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{993367AF-901D-41D3-B237-D1929A0195A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B16339F2-E1FD-476C-9004-55CBF276B46D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2A4F617-3EB7-4BD8-BDF5-38EAD47544AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C3E4BFB3-3D3B-4845-B89E-D9999BD48C33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7793E4E-6025-468D-957C-7314C149FCF4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3D4F920-7E64-472E-AF37-87DC34CFD47F}" = rport=137 | protocol=17 | dir=out | app=system |
"{FABFCB89-45E1-4D83-A9FE-9090655E9ACD}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F1D4DD-CF08-40A4-827E-F78BF120D927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{060CB373-869D-46E3-AB93-AAB7A6C3931D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06F8E48B-4D40-407E-BE73-ED9212F02EA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A1F3A83-B62C-4643-8E5D-06CFDEFF5BA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A5F44DE-184F-4F04-A008-94573D010976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BA34352-24F2-4054-9F2F-E8BE2CC8CEFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C28B34E-9BC6-4CA6-A2C8-34BB6DFA6908}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CB92FA2-D63A-438C-AD3C-00C2428F0156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0DC73EE7-AB37-45F2-8DF3-1A1029080067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E009173-FF4B-40D3-8036-C07E940AB589}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14611795-F5BB-4085-A9CE-C7F53910EB63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14C297A5-DCEA-434A-BCFF-EB77215D063A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16E4FF69-9EF7-4493-9063-771E26B68FFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17E9C09F-E8A4-48E1-BEAB-BEDB62D6E819}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18D0C82A-3939-4A87-BBA3-83D11FC3824A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18E336BC-AE4E-4245-BBDD-0928CA112904}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19F8AFD1-05E6-400D-B66F-D43D620A2105}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1DDBC141-B3B3-4941-92B1-C82EB53C0433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F578814-167B-4E9F-8EE2-9D7178813D31}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F7135A9-98AA-4BBE-9A34-C42BAEE70EEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20DDA71D-F913-4AFE-8F1D-F6F536715DA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23EC3478-8E26-4CBD-8797-F29EEBDB56E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{25EEC195-D8B7-45CB-BA54-15F7C2E198E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26A02286-3BB9-4D43-942F-B2736631EC1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28DB3B27-1002-48B8-B816-4966E6086A81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B192A49-638E-4A2E-A5D7-5AFC81CC9543}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C6BA934-FEDF-4807-BA05-9141F6379343}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D4525EA-54DB-438C-89B7-FD17AFEF51E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E0FD1AD-025C-439B-9C40-4D3317FF975E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F82A405-8D1E-42EE-9BD6-D7269E0C6763}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{374B599B-EA34-408C-91EC-1B49D70BA4B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3793847F-86A3-4550-9EA3-BB4B3B89BC2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37B6A74B-0833-4A01-9C41-49BE1CFD0F34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{37F6C143-8E30-446A-82EE-F5F51E23C5AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38B1417E-D090-4A9F-90BE-54C99266D797}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39408085-8D3C-49B8-AFD4-C2E64E3977B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C2E9A4A-BB77-4B0F-A840-A1B207305996}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{3C73A0A8-D374-456F-832F-4FACAEEF8F52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{425DE7CB-EC2A-437F-8A2C-71C9695E65E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43F390AD-5683-4B31-A2AA-95E2261B75A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4697801E-A184-4EE2-955C-32FAD204D1ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{46B9030E-EC91-4629-819D-E00C4C449D7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D92AFBE-A259-4981-93E6-36680D9BF83D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4F9DF736-411A-4960-8D81-74B5B75AD014}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5262D5BC-B816-416B-9F1A-C84D8FD1EF3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5583EFB4-A7C5-472A-9B65-8A8A132718FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B280FA9-2292-4879-AF1D-4D0760CE04E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C3B83D7-B801-4BBC-B3F1-F399739050A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5C500462-3EF1-4B93-A034-1E053E67FBE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F3ADCB5-DAA8-4526-BC8C-78598C21E1BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60498124-D9D8-4B64-B959-71A23165583E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60E5E223-5FB6-4312-983C-7165A353AF34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62167AFB-FCA8-45CD-9184-190CF25F6DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{621BF43E-8994-4E86-95A3-7943100C00DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{624937F3-94AF-4667-94CE-3142FB400080}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{634529C3-CC90-4E97-B3F4-9F71FCC5E500}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{642A632E-88D7-441E-B82C-14B1F819E705}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64A42581-5C21-4E1E-93AD-039E7A72DF26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{657DA485-D9CB-4EE7-9C1D-E37C59E65C8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69675AD0-E171-429F-88EF-8F2EF78B0FC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FD532D5-5E7B-423C-87C4-F208DBCA905D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70B14320-18E2-4F8E-9515-122E3BED267E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{71648E14-FE7D-46F3-8340-71733A336D05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{72DF39DA-C18D-4373-A5C3-8BC0C554BE09}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7345D8B8-01BA-4BFA-853D-ADD0F489AC13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73736C38-0314-468B-B0BD-84C0C7CFC3EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{76852645-7D49-420E-A168-E4F1E32BA901}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77E85E5A-1900-49B0-8EB6-18BFC14A4522}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BC468A7-15DA-4C35-B093-F40BDFD1ABBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BD2DED3-92AA-4A44-BFD1-3B7A4EA468E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8275195D-0FEB-44C0-BEAC-9B54EC05169E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84D63B51-0239-44F8-9954-D9449038B5EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8925BD5E-CA44-4DCB-A8BD-67CF61D3E2B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89666740-1B0C-4B72-8A65-4C7FD60AA52C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B7AB338-A84A-4050-AC2D-E8E76C0C67D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D3ECEBB-A261-4ADF-A92F-D33542A4157A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DF875C3-14EB-42B8-B100-C5418733F1D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E02C528-1432-44CC-964D-131AF8E1F778}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E986E65-6596-401C-8E60-60703F9B8EE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{905C5B58-B788-4808-A8DA-469A5A421A34}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{92B1A7F3-1F56-4458-960E-B9FB7BEED47E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9312ACDD-9EF3-4F46-9232-D02C54958D24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9713EC9F-4D63-453E-820E-3BA12CF2EAB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97F9EF81-81E9-41CC-BCD8-83DCB5243B55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{98EC9224-986F-4E91-A82C-7B5ECA1B67F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A243F60-CFD8-4407-B7DA-485F8D0EBEC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A87948C-5214-4197-B450-90CBBF179E7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B60D0AA-958F-46CC-A2D9-66E698628623}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A64BFEEC-C11C-4734-8C5F-9E31BA1EACD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A767C07A-7571-4CE6-90EA-094EED814B4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB589DB6-7515-44F8-8983-7A2623D0D21C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC79E7D4-65BF-435A-9F15-CCF366A877D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B22DA9C2-9453-4016-85C8-F94ED4138C25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B45861B2-73E3-405F-93C8-7AC93A2470F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4717B14-3714-4310-B797-E29EA4D1FD05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4D411FC-0673-49E5-874A-5DF8C1541D28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B50DA95F-B2C4-4284-873F-0B488DE6502F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B54BD2ED-2D5E-4BCA-835F-257D89229669}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAA21C27-ED68-404B-B22F-497D3C75AB39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC8D4F5B-87EA-41F4-A624-A422E3AB04B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDD8CF8F-2296-47AD-B990-90A2DF66CA55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BFF55C80-B216-4D63-A7F6-8DC659176273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C180A2C0-EAB3-4DAE-B6D1-6DF62CC75941}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2724B2A-3A8E-4CA5-8AE3-F0D4141CEC9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C29860A3-A85B-4A17-BD57-252CDB230CE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4376F8E-A2E2-4F5F-9887-F49F86F6D2EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4730B94-E478-49EE-B3BF-F3A87F68C23E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9BD0ECD-288B-4070-9020-A0327586EE1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE04396D-0193-4563-98F2-4303E004F3DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D13E15FB-3DF3-4F05-B2F1-FADE7B25E8BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2550A00-E9A3-4C2F-B07D-169FB550B83C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D517C557-318C-410A-BE85-222624F5D19D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D72AD551-6016-4BCA-AD2F-AF7A56785BCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7DA5D61-2967-47F3-A2F7-74DD40D3B902}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA033592-3765-4651-A379-2F8BEEB7386D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DBF0DF8E-27FB-46D3-A135-C316DC61EA73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCABAE0A-4502-4EA1-AF95-8B97DC26FFF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD32E9E5-6D8B-420F-9259-41677B16CA09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFDADBF0-F506-4D3C-A670-51DB6C9B7370}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4F90B0D-41A6-443A-840A-1F1F1911996B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E507A6F4-F230-459D-9540-F6F9B1931E1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6BA94EE-67FE-430B-A3B1-EA1A1D9C81D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7569BBF-AE4B-4BB0-AFC2-D0E70A830CB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB791CA7-29E8-4231-98AF-22D331663BBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE54A93A-126E-40F5-BC71-ED22DF948F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFC400B7-36CA-4542-845F-C158110C4C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F280A4A0-A137-4620-9B88-67F5FB8C4511}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3066157-98BA-4C6A-90C8-2736D4CE2C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F36E5663-356C-4D2C-ABA4-80D0BE67C687}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F666F5C6-ADE5-46DD-A19F-F743C95820ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F673EE5C-78B0-428C-B84A-1F1C8064A61A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F7919610-8459-4959-B316-123CC575CDEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F93A701B-73FF-47C6-86A9-1600F56B366D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB4AE7A4-AE1F-43F7-900B-1FCACBD53715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB556442-93DF-4B5B-B3D9-068E90E3783D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FDD32F18-2CCE-4B30-8E1F-064604E3B100}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{D28ABA61-84C5-47F6-9C2C-2D4360923445}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F94FA854-B3C8-417A-9B21-BCA33994BA3D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4C3CB2BA-00FA-4303-9B10-D74145B92F04}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{63B8EBD7-1473-4137-BE00-3EE6C55B4716}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{1350B50D-E596-4C53-A912-5C9F1FC5A6CD}" = ProTrain Perfect 2 - Addon9 Hamburg - Berlin -
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C4644E0-7759-4723-8A32-21B45B81D785}" = MAGIX Screenshare
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5D1AA42-B24E-4FA3-ABEA-497D0C7C7994}" = ProTrain Perfect 2 - TEE Rheingold -
"{A68D2170-1F19-4057-871B-600C03EC7A35}" = ProTrain Perfect 2 - Halle - Berlin -
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1C3AE4C-7E56-4E71-B173-ADBBA56147A5}" = MAGIX Speed burnR (MSI)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AuranTS2009_ptp2_is1" = ProTrain Perfect 2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Chuzzle Deluxe 1.0.3.1132" = Chuzzle Deluxe 1.0.3.1132
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"Mah Jongg" = Mah Jongg
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"ShipSim2008" = Schiff-Simulator 2008
"TerraTec Grabby" = TerraTec Grabby V5.09.0813.00
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.03.2012 07:56:53 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:53 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.03.2012 07:56:54 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 17.03.2012 14:30:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 18.03.2012 13:16:30 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =

Error - 18.03.2012 13:18:32 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =

[ Hewlett-Packard Events ]
Error - 01.01.2011 14:02:02 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 16.01.2011 06:03:03 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

Error - 21.04.2011 03:12:05 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041121091202.xml
File not created by asset agent

Error - 21.04.2011 04:50:45 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041121105043.xml
File not created by asset agent

Error - 12.05.2011 14:17:55 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051112081753.xml
File not created by asset agent

Error - 26.07.2011 09:59:25 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071126035922.xml
File not created by asset agent

Error - 18.10.2011 11:23:24 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 16.04.2012 13:46:17 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 15.05.2012 17:01:27 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 15.05.2012 17:03:31 | Computer Name = ***-PC | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2732487)

Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2647753)

Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
9 für Windows 7 für x64-Systeme (KB2722913)

Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2705219)

Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2731847)

Error - 17.08.2012 10:11:16 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2712808)

Error - 17.08.2012 10:20:53 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 17.08.2012 10:20:54 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 17.08.2012 10:23:33 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.

Error - 17.08.2012 10:23:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.


< End of report >

Please check whether anything can still be salvaged.
Thanks

20.08.2012, 22:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please don't just dump the OTL or other logs in here without any description.

Quote:
Trojan "TR/Jorik.Banker.bfu"
Fine, and where are the logs for that?

Information like that is not enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here