
Log analysis and evaluation: Review of logs after restore

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
29.09.2012, 00:19   #1
Kazare

Review of logs after restore



Hello Trojaner-Board,

would it be possible for you to please look through my OTL files to see whether anything suspicious is listed there?
Two days ago I had the problem that, while surfing, a few dialog windows suddenly opened and, stupid as I was, I tried to close them. After that Firefox froze and could no longer be closed. Then I had to restart the PC several times until it booted without an error message, but now there was no Win7 mode available any more. In my ignorance I then used an older system restore point, and that worked. I then also had to reinstall the antivirus program (Norton), because it could no longer be switched on. Now everything looks normal again and also works again. Malwarebytes Anti-Malware does not find any problems either, but I am very skeptical whether everything really is in order again. I only have a layman's knowledge of such things and wanted to ask you for advice.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kazare :: MEDIACENTER [Administrator]

29.09.2012 00:59:20
mbam-log-2012-09-29 (00-59-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197442
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



OTL logfile created on: 28.09.2012 23:26:18 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kazare\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,29% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,96 Gb Total Space | 338,97 Gb Free Space | 58,75% Space Free | Partition Type: NTFS

Computer Name: MEDIACENTER | User Name: Kazare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kazare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe ()


========== Modules (No Company Name) ==========

MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (PnkBstrA) -- C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120928.003\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120928.003\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120928.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120919.001\BHDrvx64.sys (Symantec Corporation)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {765500B8-4A56-44DC-A02D-879C057FE07E}
IE:64bit: - HKLM\..\SearchScopes\{765500B8-4A56-44DC-A02D-879C057FE07E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7E80A078-7967-445E-8018-CE54AB54525F}
IE - HKLM\..\SearchScopes\{7E80A078-7967-445E-8018-CE54AB54525F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\..\SearchScopes,DefaultScope = {7E80A078-7967-445E-8018-CE54AB54525F}
IE - HKU\S-1-5-21-470859463-2168000832-1761226613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.bing.de"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.09.28 22:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.09.25 21:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.26 16:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.06.10 13:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins

[2012.09.26 16:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Extensions
[2010.05.05 19:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.05.05 19:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kazare\AppData\Roaming\mozilla\Sunbird\Profiles\ytnmeb8e.default\extensions
[2012.09.26 16:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.25 21:09:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN
[2012.08.25 02:01:17 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:23:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:02:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:23:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:23:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:23:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:23:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Kazare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAE7C78-F6A7-48AB-B644-628A5CA4DA01}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DABDFA26-34B3-4D39-84DB-A4D4E08959F5}: DhcpNameServer = 10.72.0.72 10.72.0.73
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b1873307-52fc-11df-9eb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b1873307-52fc-11df-9eb6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{B1873303-52FC-11DF-9EB6-806E6F6E6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.28 23:20:19 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kazare\Desktop\OTL.exe
[2012.09.26 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.09.26 17:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.09.26 17:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.09.26 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Kazare\AppData\Local\Macromedia
[2012.09.26 17:06:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.09.26 16:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.25 21:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.09.25 21:06:16 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.sys
[2012.09.25 21:06:16 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.sys
[2012.09.25 21:06:16 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.sys
[2012.09.25 21:06:16 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnets.sys
[2012.09.25 21:06:16 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Ironx64.sys
[2012.09.25 21:06:16 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.sys
[2012.09.25 21:06:16 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymELAM.sys
[2012.09.25 21:06:15 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.sys
[2012.09.25 21:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1401010.002
[2012.09.25 20:28:00 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.09.25 20:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.09.25 20:27:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012.09.25 20:27:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.09.25 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012.09.25 20:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

========== Files - Modified Within 30 Days ==========

[2012.09.28 23:20:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kazare\Desktop\OTL.exe
[2012.09.28 23:08:30 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 23:08:30 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 23:05:22 | 000,000,000 | ---- | M] () -- C:\Users\Kazare\defogger_reenable
[2012.09.28 22:56:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 22:56:53 | 3220,320,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 12:40:12 | 000,050,477 | ---- | M] () -- C:\Users\Kazare\Desktop\Defogger.exe
[2012.09.26 16:39:34 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.26 16:39:34 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 16:39:34 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 16:39:34 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 16:39:34 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 21:15:38 | 000,008,888 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034
[2012.09.25 21:08:05 | 001,330,507 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Cat.DB
[2012.09.25 21:06:36 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.09.25 21:06:36 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.09.25 21:06:36 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.09.15 01:40:30 | 000,076,524 | ---- | M] () -- C:\Users\Kazare\Desktop\Bolgod und Golotag.jpg
[2012.08.31 20:44:51 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\isolate.ini

========== Files Created - No Company Name ==========

[2012.09.28 23:05:22 | 000,000,000 | ---- | C] () -- C:\Users\Kazare\defogger_reenable
[2012.09.28 12:40:09 | 000,050,477 | ---- | C] () -- C:\Users\Kazare\Desktop\Defogger.exe
[2012.09.26 16:52:08 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.25 21:16:00 | 000,008,888 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034
[2012.09.25 21:07:48 | 001,330,507 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Cat.DB
[2012.09.25 21:06:04 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymELAM64.cat
[2012.09.25 21:06:04 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymVTcer.dat
[2012.09.25 21:06:04 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA64.cat
[2012.09.25 21:06:04 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symnet64.cat
[2012.09.25 21:06:04 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS64.cat
[2012.09.25 21:06:04 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymEFA.inf
[2012.09.25 21:06:04 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymDS.inf
[2012.09.25 21:06:04 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\SymNet.inf
[2012.09.25 21:06:04 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.inf
[2012.09.25 21:06:04 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.inf
[2012.09.25 21:06:04 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\symELAM.inf
[2012.09.25 21:06:04 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccSetx64.inf
[2012.09.25 21:06:04 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\Iron.inf
[2012.09.25 21:06:03 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\ccsetx64.cat
[2012.09.25 21:06:03 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtspx64.cat
[2012.09.25 21:06:03 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\srtsp64.cat
[2012.09.25 21:06:03 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\iron.cat
[2012.09.25 21:06:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401010.002\isolate.ini
[2012.09.25 20:28:00 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.09.25 20:28:00 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.09.15 01:40:24 | 000,076,524 | ---- | C] () -- C:\Users\Kazare\Desktop\Bolgod und Golotag.jpg
[2011.03.11 14:28:57 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.07 22:58:40 | 000,001,940 | ---- | C] () -- C:\Users\Kazare\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.07.28 02:21:23 | 000,003,584 | ---- | C] () -- C:\Users\Kazare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.25 22:08:03 | 000,007,686 | ---- | C] () -- C:\Users\Kazare\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2010.10.10 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Acronis
[2010.07.26 00:33:22 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\IBBoard
[2010.05.05 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Leadertech
[2012.04.30 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kazare\AppData\Roaming\Tific
[2012.06.05 12:49:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 28.09.2012 23:26:18 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kazare\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,29% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,96 Gb Total Space | 338,97 Gb Free Space | 58,75% Space Free | Partition Type: NTFS

Computer Name: MEDIACENTER | User Name: Kazare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-470859463-2168000832-1761226613-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A61ADB7-D952-4667-99F1-DEDAAC1207B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C546A53-7E42-4FA2-82D9-C101EA1D37B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F7BCDB2-78AB-4490-BBBC-82A03854E74A}" = rport=139 | protocol=6 | dir=out | app=system |
"{60BBA9EB-E063-41BC-8559-32917921AE2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B0D0788-0A84-4BFA-92EE-9A92557EB77B}" = lport=139 | protocol=6 | dir=in | app=system |
"{8763F352-2438-4E65-8A14-C8B206BC6C7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87B4F256-6448-4E8E-B852-F6E896528F1C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9199EDB5-AC0F-402C-961C-4AB0DF966E8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3100271-9E41-449E-9C34-32D22FF72501}" = rport=445 | protocol=6 | dir=out | app=system |
"{B9043917-52D1-44A5-8DC5-ACDF6144B0FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E71980D5-EE82-4B36-BA8F-00FCCA623478}" = lport=445 | protocol=6 | dir=in | app=system |
"{E89C886B-ECCA-4695-8A74-FF9782F1BA9D}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED262B5A-D553-4BC1-990D-C538C98D74F4}" = rport=138 | protocol=17 | dir=out | app=system |
"{F61EFA15-C8A4-448B-BB8E-9881A6EA563A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EEDBED-4572-4376-83AE-BB5CA950FC02}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{07D06FB2-D434-4D37-95C5-C44AEBA8F771}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{134C46E4-AA9F-4D13-BEF7-DCEC1EB0D4DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A418912-EC56-4082-A962-373D98A3D101}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{20E009B4-D47A-4EDD-A9BD-148456041EB6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{29A0CE58-7DD5-4F4C-AF0D-8C10709F9DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{2BE4F6D7-4966-4238-91C0-D5348691764B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E6E73DD-DE17-41DC-B3C3-30D29410A5A3}" = protocol=17 | dir=in | app=c:\users\kazare\appdata\local\temp\7zsefca.tmp\symnrt.exe |
"{3361CB99-2CC5-4036-8B12-486C260E4B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{409090D2-89B9-4FF6-809A-62A36923FC91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{45E37459-F9F8-43E3-9C82-96522D65443C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4882C555-33EA-4854-A66E-AFD5F448B6B2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4ED38BE0-AD82-435A-BB27-9071CD666027}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{5083F58F-7FF7-4DD0-B9FD-EB1940821166}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58E7A4FC-466D-4301-B519-94BC84F08207}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{6B6DB50C-CCC8-4495-AC83-E5F0F1B813A8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{76A6C6A5-5F5F-4FA9-BA0D-2E0E3A0D8012}" = protocol=17 | dir=in | app=c:\users\kazare\appdata\local\temp\7zs58b9.tmp\symnrt.exe |
"{7B9271FB-40A7-4076-B0C3-0A1B59E766D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{82DD532C-1538-4513-A1FA-7ABDF6DE51A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88BEA7BF-B3B2-459F-9C13-E7709C1BB7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{96B285D9-FC52-4B7C-90AE-56DC63A73367}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9BA882EB-EAEA-48CA-A88D-5903BB5DF589}" = protocol=6 | dir=in | app=c:\users\kazare\appdata\local\temp\7zsefca.tmp\symnrt.exe |
"{BC4BF4E0-D5D5-417C-A0DD-D79A44BF892B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{CBF251B7-AC78-411E-8136-C779B54F1AB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CD86E0B3-67F7-4C1B-8EC2-9513627DF718}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E5D8B614-E512-46A8-BBB1-D6F125ED61F3}" = protocol=6 | dir=in | app=c:\users\kazare\appdata\local\temp\7zs58b9.tmp\symnrt.exe |
"{EF62D879-0DF2-4BD6-ABB8-E08F5C673A85}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{F3F0FB5D-B19B-4646-AEFC-E604B311F4AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A4E6B7B-72F8-F09D-3167-D10BED76C1D1}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Redirection Port Monitor" = RedMon - Redirection Port Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F6151-CDFF-4ACE-6A0B-AB10E5C72CB6}" = CCC Help English
"{0334E92E-8D83-DBB5-6AB7-A6CDBFEA9502}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B2BE3A5-64A9-3CFB-7F9A-B76C774D70DF}" = CCC Help Portuguese
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20E91018-E7FD-1094-FEB6-D7E64A12CAAC}" = CCC Help Japanese
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30B6778F-B315-2E98-36EB-E06806B1E410}" = CCC Help Chinese Traditional
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{424BF763-4A22-CBD1-2EA4-E9F455A0B7DE}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{567AB08A-6816-E679-EE84-A89F107E75F7}" = Catalyst Control Center Graphics Previews Vista
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64710CB5-466A-3DF4-A8AF-C0B1357399E6}" = CCC Help Hungarian
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6AF15677-78CA-5081-7F8D-55A82680FEE4}" = ccc-core-static
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7508A2B5-23AC-D9B4-5B4F-682771FF29D8}" = CCC Help Italian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A74FFDF-F000-792D-A785-2BE5FD48D260}" = Skins
"{8C6C7024-853F-3583-7D85-ABB5CD0EBB97}" = Catalyst Control Center Graphics Full New
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7AAE9A9-9E9A-FAFB-A12F-65BDB6391A39}" = CCC Help Spanish
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA4916CE-C893-375B-CAAF-5BAC711629F2}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{B0BBD04F-0A95-2AAA-666B-8AFDAF835BAE}" = Catalyst Control Center Core Implementation
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BBE209D7-0A90-1684-5124-8D470CF46E91}" = CCC Help Chinese Standard
"{BD4EA616-6D92-53FC-1CFC-1894CF9E5FBA}" = Catalyst Control Center Graphics Light
"{BD6441FE-2D09-5632-4A70-5DEB2B661268}" = Catalyst Control Center Graphics Full Existing
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D837A4C4-8466-D33F-54A5-064002985191}" = CCC Help German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB6316F0-E008-EA74-8C15-4B178CA09F7B}" = CCC Help Turkish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}" = Plus Pack für Acronis True Image Home 2011
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F76F2105-B0DB-B1AA-F254-1B68FCE35D63}" = Catalyst Control Center Graphics Previews Common
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B04736-2F30-2316-7741-DCB067B78988}" = CCC Help French
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.1
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Dell Dock" = Dell Dock
"FreePDF_XP" = FreePDF (Remove only)
"Heye Unberührte Welten 2011" = Heye Unberührte Welten 2011 Bildschirmschoner
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Mozilla Firefox 10.0.7 (x86 de)" = Mozilla Firefox 10.0.7 (x86 de)
"NIS" = Norton Internet Security
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 3028
Description =

Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 3058
Description =

Error - 07.08.2012 02:44:11 | Computer Name = MEDIACENTER | Source = Windows Search Service | ID = 7010
Description =

Error - 07.08.2012 12:59:48 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621
Description =

Error - 07.08.2012 16:48:04 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621
Description =

Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Die Registrierung konnte nicht geladen werden. Dieses Problem wird
oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen
verursacht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von
einem anderen Prozess verwendet wird. for C:\Users\Kazare\ntuser.dat

Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales
Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
anderen Prozess verwendet wird.

Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung
dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error - 24.08.2012 17:46:30 | Computer Name = MEDIACENTER | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.

Error - 24.08.2012 20:47:29 | Computer Name = MEDIACENTER | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 15.10.2010 03:50:39 | Computer Name = MEDIACENTER | Source = WLAN-Tray | ID = 0
Description = 09:50:38, Fri, Oct 15, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 03.05.2010 17:13:16 | Computer Name = MEDIACENTER | Source = MCUpdate | ID = 0
Description = 23:13:16 - Fehler beim Herstellen der Internetverbindung. 23:13:16
- Serververbindung konnte nicht hergestellt werden..

Error - 03.05.2010 17:17:18 | Computer Name = MEDIACENTER | Source = MCUpdate | ID = 0
Description = 23:17:18 - Fehler beim Herstellen der Internetverbindung. 23:17:18
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 26.09.2012 09:54:25 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 26.09.2012 11:53:59 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 26.09.2012 11:53:59 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 26.09.2012 12:43:40 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 26.09.2012 13:50:47 | Computer Name = MEDIACENTER | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?09.?2012 um 19:42:32 unerwartet heruntergefahren.

Error - 26.09.2012 13:50:56 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 28.09.2012 06:16:44 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 28.09.2012 16:57:06 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Power Control [2010/05/05 20:18:21]" wurde aufgrund folgenden
Fehlers nicht gestartet: %%3

Error - 28.09.2012 16:57:18 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 28.09.2012 16:57:18 | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.


< End of report >

 
