verwanzt | 03.06.2012 12:51 | Hi kira,
1. Fix with OTL (do you mean the text file?) Code:
Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
2. Malwarebytes Anti-Malware scan report: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mobile :: **** [Administrator]
03.06.2012 09:52:50
mbam-log-2012-06-03 (09-52-50).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 643385
Laufzeit: 2 Stunde(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
3. Installed software: Code:
7-Zip 9.20 (x64 edition) Igor Pavlov 13.04.2011 4,53MB 9.20.00.0
Acer PowerSmart Manager Acer Incorporated 30.05.2010 5.02.3000
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.08.2011 6,00MB 10.3.183.5
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 20.04.2012 6,00MB 11.2.202.233
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 28.05.2010 1.0.0.23
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 61,8MB 10.2.0.707
CCleaner Piriform 22.05.2012 3.19
Cisco Systems VPN Client 5.0.07.0290 28.03.2011 10,6MB
Dropbox Dropbox, Inc. 14.03.2012 1.2.52
ECL Viewer SAP AG 13.10.2010 6.0
FASM version 0.16 21.11.2010
Foxit Reader Foxit Software Company 28.05.2010 10,6MB 3.3.1.518
Google Web Toolkit Developer Plugin for IE (x64) Google 29.06.2011 0,32MB 1.2.9570
Google Web Toolkit Developer Plugin for IE (x86) Google 03.10.2011 0,26MB 1.2.9570
InfoZoom 4.10 humanIT 20.06.2010 273MB 4.10.07
Intel(R) Graphics Media Accelerator Driver Intel Corporation 29.05.2010 8.15.10.2057
ISO Recorder Alex Feinman 16.04.2011 1,63MB 3.1.0
Java(TM) 6 Update 23 (64-bit) Oracle 20.12.2010 90,9MB 6.0.230
Java(TM) 6 Update 26 Oracle 01.11.2010 95,0MB 6.0.260
Java(TM) SE Development Kit 6 Update 23 (64-bit) Oracle 20.12.2010 146,3MB 1.6.0.230
Launch Manager Acer Inc. 30.05.2010 4.0.5
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 02.06.2012 18,0MB 1.61.0.1400
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.06.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.06.2011 2,94MB 4.0.30319
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003
Microsoft Office Ultimate 2007 Microsoft Corporation 17.12.2011 12.0.6425.1000
Microsoft Project Professional 2010 Microsoft Corporation 10.11.2011 14.0.6029.1000
Microsoft redistributable runtime DLLs VS2005 SP1(x86) SAP 13.10.2010 5,72MB 8.0.50727.762
Microsoft Silverlight Microsoft Corporation 22.02.2012 160,0MB 4.1.10111.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 22.06.2010 0,21MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 13.04.2011 0,77MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.06.2010 0,77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,77MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 28.05.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,59MB 9.0.30729.6161
Miranda IM 0.8.24 28.05.2010
Mozilla Firefox (3.6.28) Mozilla 11.04.2012 3.6.28 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.10.2010 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.10.2010 1,33MB 4.20.9876.0
MSXML4.0 redistributable SAP 13.10.2010 3,70MB 4.0.0.0
Pidgin 30.05.2010 2.7.0
Protege 4.1 Stanford Center for Biomedical Informatics Research 24.04.2012 1.0.0.0
QIP 2005 8097 Jeak-Edition jeak.de 17.11.2010 6,74MB 1.0.8097
SAP GUI 7.10 SAP AG 13.10.2010 7.10 Compilation 4
Skype™ 5.0 Skype Technologies S.A. 09.02.2011 15,2MB 5.0.156
SpeedFan (remove only) 01.07.2010
Streamripper (Remove only) 02.04.2011
TeX Live 2010 13.04.2011 2010
TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 13.04.2011 Version 1.0 Stable RC1
TortoiseSVN 1.6.12.20536 (64 bit) TortoiseSVN 23.02.2011 21,8MB 1.6.20536
TrueCrypt TrueCrypt Foundation 31.12.2010 7.0a
VLC media player 1.1.7 VideoLAN 04.02.2011 1.1.7
VMware Player VMware, Inc 18.04.2011 391MB 3.1.4.16648
Winamp Nullsoft, Inc 02.04.2011 5.61
Zune Microsoft Corporation 31.10.2011 04.08.2345.00
4. The repeated scan with OTL produced the following: Code:
OTL logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.02 00:06:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Downloads\OTL.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
========== Modules (No Company Name) ==========
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
========== Files - Modified Within 30 Days ==========
[2012.06.03 12:17:02 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 09:42:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.03 09:42:52 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
========== Files Created - No Company Name ==========
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
========== LOP Check ==========
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.03 09:44:24 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,028,854 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe |
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system |
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe |
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe |
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe |
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31.05.2012 01:00:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 244c Startzeit: 01cd3e958c5ecfbb Endzeit: 19 Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 01.06.2012 01:18:39 | Computer Name = mobile-*****| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 20d4 Startzeit: 01cd3f5be755c638 Endzeit: 13 Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description =
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8211
Description =
Error - 02.06.2012 05:03:11 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
Zeitstempel: 0x4b57c888 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0xcc4 Startzeit der fehlerhaften Anwendung: 0x01cd403fe2592958
Pfad
der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: c6a42ad3-ac91-11e1-a993-e2d23d058f2c
Error - 02.06.2012 13:30:52 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: fa8 Startzeit: 01cd4044b1a99075 Endzeit: 70 Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 17:21:53 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 57c0 Startzeit: 01cd40c3f4a4a3be Endzeit: 16 Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 03.06.2012 03:41:10 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7abf0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000020a4a
ID
des fehlerhaften Prozesses: 0x218 Startzeit der fehlerhaften Anwendung: 0x01cd403fac206e2a
Pfad
der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe Pfad des fehlerhaften Moduls:
F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7c72c599-ad4f-11e1-a993-e2d23d058f2c
Error - 03.06.2012 03:41:15 | Computer Name = ***** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
mit den Statuscode 255. Der Computer muss neu gestartet werden.
Error - 03.06.2012 03:45:08 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
Zeitstempel: 0x4b57c888 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0xee4 Startzeit der fehlerhaften Anwendung: 0x01cd415ccadcda70
Pfad
der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0a194c7e-ad50-11e1-821e-005056c00008
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
seconds with 240 seconds of active time. This session ended with a crash.
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
seconds with 600 seconds of active time. This session ended with a crash.
Error - 02.12.2010 06:35:08 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 82848 seconds with 120 seconds of active time. This session ended with a
crash.
Error - 24.02.2011 08:16:33 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.05.2011 01:27:56 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 für x64-basierte Systeme (KB2600217)
Error - 08.04.2012 13:54:58 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 für x64-basierte Systeme (KB2600217)
Error - 10.04.2012 06:41:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 für x64-basierte Systeme (KB2600217)
Error - 11.04.2012 14:17:29 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 für x64-basierte Systeme (KB2600217)
Error - 12.04.2012 04:25:50 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 13.04.2012 02:51:52 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
Error - 13.04.2012 15:23:11 | Computer Name = ***** | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
den Daten enthalten.
Error - 13.04.2012 15:23:12 | Computer Name = ***** | Source = DCOM | ID = 10010
Description =
< End of report > |