nasa2013 | 10.05.2013 18:20 | Hello Aneri
I decided to use System Restore to reset to a point in time when the trojan was not yet on my system, and then, after backing up my data from C:, I decided to do a fresh installation.
However, I still ran the OTL scan after the fresh installation and have posted the log files for you here.
I would still be very glad to get a reply from you, and I want to give you and everyone else here great praise for giving this help to everyone who comes here looking for it.
Best regards, Sascha
Extras.txt Code:
OTL Extras logfile created on: 10.05.2013 19:10:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NaSa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 57,36% Memory free
6,69 Gb Paging File | 5,88 Gb Available in Paging File | 87,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 84,40 Gb Free Space | 86,43% Space Free | Partition Type: NTFS
Drive D: | 498,51 Gb Total Space | 259,63 Gb Free Space | 52,08% Space Free | Partition Type: NTFS
Drive E: | 2,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 27,49 Gb Total Space | 27,35 Gb Free Space | 99,48% Space Free | Partition Type: FAT32
Computer Name: NaSa-PC | User Name: NaSa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.05.2013 13:09:00 | Computer Name = NaSa-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 10.05.2013 11:04:30 | Computer Name = 26L2233B1-13 | Source = HTTP | ID = 15016
Description =
Error - 10.05.2013 11:41:33 | Computer Name = NaSa-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 10.05.2013 13:08:52 | Computer Name = NaSa-PC | Source = HTTP | ID = 15016
Description =
< End of report >
OTL.txt Code:
OTL logfile created on: 10.05.2013 19:10:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NaSa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 57,36% Memory free
6,69 Gb Paging File | 5,88 Gb Available in Paging File | 87,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 84,40 Gb Free Space | 86,43% Space Free | Partition Type: NTFS
Drive D: | 498,51 Gb Total Space | 259,63 Gb Free Space | 52,08% Space Free | Partition Type: NTFS
Drive E: | 2,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 27,49 Gb Total Space | 27,35 Gb Free Space | 99,48% Space Free | Partition Type: FAT32
Computer Name: NaSa-PC | User Name: NaSa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\NaSa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB840452-4521-464C-820C-9731481F6A0E}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.19 22:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.10 19:08:50 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2013.05.10 19:06:44 | 000,454,288 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2013.05.10 19:06:44 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2013.05.10 19:06:44 | 000,080,488 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2013.05.10 19:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.05.10 19:06:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013.05.10 18:53:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NaSa\Desktop\OTL.exe
[2013.05.10 17:15:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.10 17:11:47 | 000,000,000 | R--D | C] -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.10 17:11:47 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Searches
[2013.05.10 17:11:47 | 000,000,000 | R--D | C] -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.10 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\NaSa\AppData\Roaming\Identities
[2013.05.10 17:11:35 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Contacts
[2013.05.10 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\NaSa\AppData\Local\VirtualStore
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Vorlagen
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\AppData\Local\Verlauf
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\AppData\Local\Temporary Internet Files
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Startmenü
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\SendTo
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Recent
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Netzwerkumgebung
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Lokale Einstellungen
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Documents\Eigene Videos
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Documents\Eigene Musik
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Eigene Dateien
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Documents\Eigene Bilder
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Druckumgebung
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Cookies
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\AppData\Local\Anwendungsdaten
[2013.05.10 17:11:31 | 000,000,000 | -HSD | C] -- C:\Users\NaSa\Anwendungsdaten
[2013.05.10 17:11:30 | 000,000,000 | --SD | C] -- C:\Users\NaSa\AppData\Roaming\Microsoft
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Videos
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Saved Games
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Pictures
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Music
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Links
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Favorites
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Downloads
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Documents
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\Desktop
[2013.05.10 17:11:30 | 000,000,000 | R--D | C] -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.10 17:11:30 | 000,000,000 | -H-D | C] -- C:\Users\NaSa\AppData
[2013.05.10 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\NaSa\AppData\Local\Temp
[2013.05.10 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\NaSa\AppData\Local\Microsoft
[2013.05.10 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\NaSa\AppData\Roaming\Media Center Programs
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.10 17:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.10 17:06:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.10 16:16:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
========== Files - Modified Within 30 Days ==========
[2013.05.10 19:08:06 | 000,000,680 | ---- | M] () -- C:\Users\NaSa\AppData\Local\d3d9caps.dat
[2013.05.10 19:07:39 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 19:07:39 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 18:54:24 | 000,617,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.10 18:54:24 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.10 18:54:24 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.10 18:54:24 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.10 17:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.10 17:45:37 | 000,228,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.10 17:14:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8A56F83-FACB-4070-A380-ECEB994E941B}.job
[2013.05.10 17:07:58 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.05.10 17:07:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013.05.10 15:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NaSa\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2013.05.10 17:14:04 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8A56F83-FACB-4070-A380-ECEB994E941B}.job
[2013.05.10 17:11:48 | 000,000,949 | ---- | C] () -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.10 17:11:46 | 000,000,944 | ---- | C] () -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.05.10 17:11:35 | 000,000,915 | ---- | C] () -- C:\Users\NaSa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.05.10 17:11:32 | 000,000,680 | ---- | C] () -- C:\Users\NaSa\AppData\Local\d3d9caps.dat
[2013.05.10 17:07:37 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2013.05.10 17:07:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.01.21 04:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.01.21 04:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >