Samson86 | 03.08.2012 19:52 | GUV Trojaner - Windows 7 64 bit. Computer was locked
Unfortunately, I caught the GVU trojan. I started my system in safe mode and performed a System Restore so that I can access my laptop again.
EDIT: I mean the GVU trojan, of course, and not the GUV trojan as it says in the title.
I need your help to get rid of the trojan. I hope you can please help me.
Here is my OTL.Txt file: Code:
OTL logfile created on: 03.08.2012 19:22:02 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,57% Memory free
3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,49 Gb Total Space | 116,44 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 77 44 EA 64 F1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 18:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 18:10:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.02.22 18:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.05.02 09:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\81b8lrjk.default\extensions
[2012.07.28 11:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.28 11:30:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.02.22 21:18:39 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\81B8LRJK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.07.19 18:10:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.19 18:10:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.19 18:10:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.19 18:10:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 18:10:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 18:10:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 18:10:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{381FF933-B535-47AD-B63B-18BDDC52AF69}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5059e9f0-65d3-11e1-9c61-001d60f16425}\Shell - "" = AutoRun
O33 - MountPoints2\{5059e9f0-65d3-11e1-9c61-001d60f16425}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.03 19:20:47 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.08.03 17:23:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{13460BA1-EF62-4B24-B29E-5597F36CD2B8}
[2012.08.03 17:23:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C44579E7-BE3B-465C-B7D9-B49DFE39F252}
[2012.08.02 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DB3CDBEF-EAC9-4B0A-A3FE-4794648E7D4F}
[2012.08.02 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2DC49FE6-1E9D-4C57-B2A3-6F587937DF00}
[2012.08.02 10:40:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2B83397B-A004-42AB-96B0-F70EF531BAB5}
[2012.08.02 10:40:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{48626B29-59BF-4FE8-960E-EB5A53E7DC65}
[2012.08.01 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C1503CC4-CCB6-4412-B6C6-BC3303712C88}
[2012.08.01 14:04:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B8D4B607-984A-464D-8DDA-B6B9438BF34D}
[2012.07.31 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A8499FBD-9316-491A-9B91-E8CDFF628DA3}
[2012.07.31 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E259873C-59D0-46EC-8909-51301B091159}
[2012.07.30 23:04:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1E8A0052-2D93-423A-9656-F5DC00749B78}
[2012.07.30 23:04:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A0BEAD62-F366-47E0-8D89-E53FE8918FEA}
[2012.07.30 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{321A6B32-3496-4FD2-9F78-F807689DF796}
[2012.07.30 11:03:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDC5A07A-14B3-4A1F-86B5-C9A7D8EF7672}
[2012.07.29 23:03:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{476D6BF6-FDE5-4AE1-B7A8-B245A44B8C3D}
[2012.07.29 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{297AB0B7-3B22-4A0A-9D60-55A231C70D93}
[2012.07.29 11:02:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1396C19B-2326-4B32-AF5E-518FC6066AB4}
[2012.07.29 11:02:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E13A2646-8047-4EA9-A8CA-AFC0AD565682}
[2012.07.28 23:02:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3E50A5D3-CC15-4247-97E6-164865845F22}
[2012.07.28 23:02:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2B6D209C-24B0-4D29-AA41-CB0A3CBCE96C}
[2012.07.28 11:30:47 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.28 11:30:47 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.07.28 11:30:47 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.07.28 11:30:47 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.07.28 11:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.28 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{556F74EC-B97F-4FE0-A56D-6582CE09D98B}
[2012.07.28 11:01:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7CD46AEB-EF12-43C2-8EBE-6DEA4281083C}
[2012.07.27 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3BBD7E0E-EC70-4974-A88E-78C5CA891310}
[2012.07.27 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{85382A7A-6AAC-497C-86D8-CE5D13BE5F53}
[2012.07.27 10:50:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Geo-Examen
[2012.07.27 06:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B6210FC3-963F-451D-9851-E0CC484D5132}
[2012.07.26 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F3C2FA9B-1CAB-4044-BC1E-1B197DDC3834}
[2012.07.26 16:19:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B8E70E4D-103F-4B13-866E-0BEB0C584B0B}
[2012.07.26 03:33:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{187D324B-1A5A-4BBE-8D94-11EE7444FA17}
[2012.07.25 15:27:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E7799B4A-2C74-4102-A900-D52FAFE7CAA4}
[2012.07.25 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AFAAE94B-B512-43DF-AC4A-E876AE2AAD60}
[2012.07.24 18:04:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2012.07.24 17:57:44 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.07.24 17:50:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{57134399-D5DD-4274-ACB3-600C8ECB2D14}
[2012.07.24 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B37833D9-50BC-4E79-B454-7DF0F2AC6403}
[2012.07.23 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\B2
[2012.07.23 18:22:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{874B6789-3458-400D-A06F-0FC4AAB65485}
[2012.07.23 18:21:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C4397BE9-ACE7-4E7B-A20D-520828E2883E}
[2012.07.22 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E51A3CA4-E7E0-4567-AA2B-5D8C5E6CFC4E}
[2012.07.22 10:14:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2CEA1864-C206-403C-89E3-379E8C581467}
[2012.07.21 19:42:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2C471AB8-E952-427B-8591-D3727D5C8AF4}
[2012.07.21 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2D26E4FE-5955-4AD6-91E7-12D2DE772434}
[2012.07.21 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Schriftspracherwerb
[2012.07.21 07:42:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C68A47A5-1D5C-478C-AAF4-4687477930C5}
[2012.07.20 16:24:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9F3306B6-B1B9-4577-8CBB-9F7279E4700B}
[2012.07.20 16:23:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F4F4BAB3-EC50-4256-B00B-B30DCE25B6AF}
[2012.07.20 00:00:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C30CA3F7-324E-4252-A239-AC22E673737E}
[2012.07.20 00:00:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{42596AE1-BBB5-4A7A-AE9A-77BDBEC4C9FD}
[2012.07.19 12:00:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{11C8DE8D-5498-4EB8-A030-35EAB86F779D}
[2012.07.19 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CFED939B-6191-4042-87AD-3625D4A63EF2}
[2012.07.19 02:49:04 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.19 02:27:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.19 02:27:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.19 02:27:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.19 02:27:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.19 02:27:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.19 02:27:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.19 02:27:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.19 02:27:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.19 02:27:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.19 02:27:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.19 02:27:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.19 02:27:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.19 02:27:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.18 23:54:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E5C176F0-66DD-4F75-9D4E-D32A264A80A9}
[2012.07.18 23:54:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3361985D-C838-4E4B-87DF-40829813FE65}
[2012.07.18 23:18:18 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Geographie Praktikum
[2012.07.18 23:05:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.18 23:03:03 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.07.18 23:02:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.18 23:02:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.07.18 23:02:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.07.18 23:02:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.07.18 23:02:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.07.18 23:02:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.07.18 23:02:26 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.07.18 23:02:19 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.07.18 23:02:06 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.18 23:02:06 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.18 22:56:59 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.18 22:56:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.18 16:53:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2B714369-9A6E-419A-AF0D-955F4C81B5AE}
[2012.07.18 16:53:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9F33DC29-F474-4B47-BADD-20AC850820DC}
[2012.07.17 13:54:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{ABA59610-25C4-44F3-A285-6594F0458682}
[2012.07.17 13:53:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{536B284B-6DBA-458A-8046-9D6E14E46AFE}
[2012.07.16 23:10:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{EBA94133-E4CD-43DB-A572-730B1A9486DE}
[2012.07.16 23:10:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{557606A1-9E6F-4158-9E03-447B067517D4}
[2012.07.16 11:09:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B58F292C-961E-457E-890D-EC70A85D130D}
[2012.07.16 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{20B24EE7-73A9-48BE-9450-2E62B71E8826}
[2012.07.15 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{475194B0-E993-4F7B-90AD-56CA0D891B81}
[2012.07.15 19:34:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C56E7D58-11E6-4873-8DDD-AA66B61E4774}
[2012.07.14 12:13:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CB27484C-9EA3-47A4-9979-C5110577E0E4}
[2012.07.14 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C16368F0-A2BD-42B7-B6BA-F8497912F13E}
[2012.07.13 17:07:39 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Technik SS2012
[2012.07.13 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Zoologie
[2012.07.13 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ökologie
[2012.07.13 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{03CAFA8F-0D15-45C8-B961-22950F9C52E8}
[2012.07.13 16:43:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{20AA1F13-EDA0-4D7C-B3B6-DC6EFF14D8F1}
[2012.07.13 11:23:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2012.07.13 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{73D82721-8010-437F-8EA4-255D3F364B2B}
[2012.07.13 11:21:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B47A13C7-31F8-4D98-B012-94A56225B2F5}
[2012.07.13 01:35:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.12 17:39:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 17:16:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.07.12 17:16:14 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.12 17:16:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.07.12 17:16:01 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.07.12 17:16:01 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.07.12 17:16:01 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.07.12 17:15:46 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.07.12 17:15:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.07.12 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{22BAAF76-DE96-4133-B2B2-7FA019EA2F03}
[2012.07.12 17:05:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AC0FFE22-39DB-488D-AC43-1A48E078DB91}
========== Files - Modified Within 30 Days ==========
[2012.08.03 19:20:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.08.03 18:54:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.03 18:54:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 18:54:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.03 17:19:21 | 000,022,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:19:21 | 000,022,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:15:26 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 17:15:26 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 17:15:26 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 17:15:26 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 17:15:26 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.03 17:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 17:10:53 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 01:03:54 | 000,268,713 | ---- | M] () -- C:\Users\user\Desktop\SPlanE-2012-803.pdf
[2012.07.28 11:30:30 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.07.28 11:30:30 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.07.28 11:30:30 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.07.28 11:30:29 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.28 11:30:29 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.27 12:01:22 | 000,037,210 | ---- | M] () -- C:\Users\user\Documents\cc_20120727_120101.reg
[2012.07.27 11:56:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.26 18:17:03 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 17:56:43 | 000,072,018 | ---- | M] () -- C:\Users\user\Desktop\ewak_122_web.pdf
[2012.07.24 22:51:40 | 000,443,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.18 22:41:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.15 18:08:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.13 16:25:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012.08.03 01:03:54 | 000,268,713 | ---- | C] () -- C:\Users\user\Desktop\SPlanE-2012-803.pdf
[2012.07.27 12:01:05 | 000,037,210 | ---- | C] () -- C:\Users\user\Documents\cc_20120727_120101.reg
[2012.07.26 18:15:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 17:56:43 | 000,072,018 | ---- | C] () -- C:\Users\user\Desktop\ewak_122_web.pdf
[2012.07.18 22:40:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.13 15:19:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.02.22 15:31:51 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.22 14:02:12 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.02.22 14:01:58 | 000,001,024 | ---- | C] () -- C:\Users\user\.rnd
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
< End of report >
Here is my Extras.Txt: Code:
OTL Extras logfile created on: 03.08.2012 19:22:02 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,57% Memory free
3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,49 Gb Total Space | 116,44 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E16F9A-3B03-4768-AB7E-3F83BCD3F9A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{13995AF0-CFD4-4D84-8060-28FF0486F067}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1BBA3F3F-B722-4F65-A06A-561A741FDE38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E7E68A1-F825-4E31-B301-6B39C015FE94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FD7AFFF-E978-427D-A327-0707A6E7EFEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{30C5D20B-2EBE-419C-807B-C88251139EB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{30D53847-A9B2-4114-9C2B-06924FF6CBD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3278FB3A-8D94-423C-A9CC-7984E7A6243C}" = rport=137 | protocol=17 | dir=out | app=system |
"{410458F2-007C-4C10-B71E-C5EA77C55467}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C0458F5-7D0B-4110-8878-72018702B353}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C7D16D6-6E48-4205-9764-CA9ECDC85D74}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7A38B795-609E-4D24-A437-96D13A85EB6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{977FF987-F2C7-4BF7-8CCE-6349DB399F91}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA81F79D-25DA-4FB7-98A6-9A6B2FC97672}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7175622-55BC-4707-88BB-FFE79D983B2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD4DEF3B-97EA-4057-9BF5-08E174CED3CE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CDFF0F78-609A-4B7D-8B45-E92A83E92FA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6EE0B2D-92ED-40EB-B4BC-A789244D2A5C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9904832-2D0A-43A3-81A6-89BB355BCA4D}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECD85EFF-B351-4C50-809B-C73DD749D96F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0D90229-A20E-41B6-AD21-65647B0C8345}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0FEDBE1-E92C-4DC7-AABF-3E759D58B837}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1A5698C-6FDE-43BB-B961-C6DE2A45952D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F3177DF0-9549-4825-AB00-0213CBF798F4}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D61EB-19D3-4438-8C9D-7256D9F9C586}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0301BEE3-F126-410B-BFD7-67B3F56F3E5A}" = protocol=6 | dir=out | app=system |
"{1FF45646-916D-42C8-91A8-5D993B578EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2B344A2D-F416-4E65-AA35-60B1A0FD2F7A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3E2529FD-ED2E-453C-8EF5-273CEFCA3E15}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{47184989-F9ED-4DBC-A0F2-1CD57657334C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CE49E1F-1A27-495F-B581-8466F7AA20E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{520DE5D0-8F8B-4230-A22A-E43275AE5FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5BD420BC-FD92-4F18-9580-CE34B6F12FCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F340035-8532-4492-8C37-C90F17BBC646}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66C56E54-84AC-4FC6-A22A-627D2DA2B4A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F8C6BC2-8ABF-4338-B3E2-507CCAD8545C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7BEFC146-7145-4845-B627-0CEDE1E9ABF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8884B67A-2CC9-4292-82CA-72C0A644D76F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A44C70C3-C83B-45FF-946A-2868BD76880A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA4B05CC-4BA2-482C-93FD-32765460D225}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CC1A1877-9DC3-4FBA-9BFA-ADCDB4A6AAC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4B94F53-A1E5-48CA-BE33-9F3566C2C121}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7592CB3-1AF7-4682-ACA4-B20ED72751A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DFB75707-8AF3-4544-B134-FA44E4FF9C50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1010309-E784-4CFC-BACE-4FE0647752B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E62A7017-FE02-402C-B5A7-7CBF7A0DA99A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ECA5A4F4-407A-4A2E-A379-E9785126970F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA0E495E-7391-42ED-8675-B0C29B0AAFA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA24313F-7C2A-4529-9F71-664B00E970AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0BD9AAFE-F2CE-4DEA-86A1-E57E120A3B5B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E26E4C94-9B13-448F-9476-A0F6F53B90C9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{99C88B51-B4FC-42CE-86F6-D603EF59409B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{CEB94A5E-DCC8-4444-8354-21364CF4DD09}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{620CAD2D-0757-43A9-AA5F-C8D48A1E4D85}_is1" = BigMacroTool 1.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SopCast" = SopCast 3.4.8
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.07.2012 10:43:53 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 31.07.2012 10:43:53 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 31.07.2012 10:43:53 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.08.2012 08:01:28 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2012 08:31:46 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 01.08.2012 08:31:46 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.08.2012 08:31:46 | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.08.2012 10:43:36 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc541 Name des fehlerhaften Moduls: igd10umd64.dll, Version: 8.14.10.1930,
Zeitstempel: 0x4aba7355 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e9040
ID
des fehlerhaften Prozesses: 0x99c Startzeit der fehlerhaften Anwendung: 0x01cd6fdd9840698a
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\igd10umd64.dll Berichtskennung: 45dca78d-dbe7-11e1-a30a-001d60f16425
Error - 02.08.2012 04:40:16 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 11:12:45 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.08.2012 13:23:49 | Computer Name = user-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
< End of report >
Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]
03.08.2012 19:47:16
mbam-log-2012-08-03 (19-47-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294738
Laufzeit: 37 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)