
Pests of all kinds and how to fight them: HDD error, empty desktop, Windows Rescue...


 
06.06.2011, 19:57   #1
aupex
 

Hello,
Today I have a problem that was unknown to me until now but, according to this board, is a known one.
First an error message "HDD defekt..." appeared, then the "Vista Recovery System" came up.
I then restarted and afterwards had an empty desktop and an empty Start menu.
The Spybot S&D logs recorded the following around that time:

Code:
06.06.2011 13:22:24 Verweigert (based on user decision) value "ITBar7Height" (new data: "") gelöscht in User-specific browser toolbar!
06.06.2011 13:22:33 Verweigert (based on user decision) value "VyuAmrmEfIELC" (new data: "C:\ProgramData\VyuAmrmEfIELC.exe") hinzugefügt in System Startup user entry!
         
However, the part about the user decision is not correct.

Scans from Malware and OTL are attached.
Please help...

Malware:
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 19:20:17
mbam-log-2011-06-06 (19-20-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 210440
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\31907576.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\vyuamrmefielc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Aupex\AppData\Local\Temp\tmp2484.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Washer2.rar\washer2.rar.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
         
OTL

Code:
OTL logfile created on: 06.06.2011 20:09:01 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Aupex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 1,08 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 12,20 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 3,45 Gb Free Space | 46,27% Space Free | Partition Type: FAT32
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Aupex\Desktop\OTL.exe (OldTimer Tools)
PRC - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - D:\Program Files\Spybot2\SDWinSec.exe (Safer Networking Ltd.)
PRC - d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Aupex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVP) -- D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- D:\Program Files\Spybot2\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SbieSvc) -- d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SbieDrv) -- d:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 B7 60 24 4D 07 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: KPSA-home-Priess@EasternGraphics.com:1.0.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.04.29 20:04:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.11 15:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.05.03 12:47:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.02.16 18:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_2_x [2011.06.06 19:36:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_3_1_x [2011.06.06 19:36:28 | 000,000,000 | ---D | M]
 
[2010.09.20 19:23:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions
[2010.09.20 19:23:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.01 21:43:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions
[2010.04.28 11:30:34 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.01 21:43:47 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\battlefieldplay4free@ea.com
[2011.02.26 22:42:26 | 000,000,000 | -H-D | M] (KPSA-Home (Priess)) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\KPSA-home-Priess@EasternGraphics.com
[2009.09.10 21:06:59 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\moveplayer@movenetworks.com
[2010.03.24 16:13:02 | 000,000,917 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\searchplugins\conduit.xml
File not found (No name found) -- 
[2011.06.02 21:13:10 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\AUPEX\APPDATA\ROAMING\5015
[2009.07.02 15:55:18 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.16 17:12:16 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 10:37:02 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.14 18:22:13 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 23:18:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 12:58:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 14:18:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 18:56:46 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.02.24 18:04:34 | 000,000,806 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1		localhost
O1 - Hosts: 	::1		localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloneCDTray] d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NBAgent] D:\Program Files\nero10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] D:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot2\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Alles mit FDM herunterladen - d:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - d:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - d:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - d:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - d:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot2\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.06 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 11
[2011.06.06 19:37:36 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.06.06 19:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.06 19:34:33 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.06 19:13:48 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Aupex\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.06 19:13:48 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aupex\Desktop\tdsskiller.exe
[2011.06.06 19:13:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Aupex\Desktop\OTL.exe
[2011.06.06 16:10:19 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.06.06 13:31:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.06.02 21:13:10 | 000,232,400 | -H-- | C] (Adobe Systems, Incorporated) -- C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll
[2011.06.02 21:13:10 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\5015
[2011.06.02 21:12:57 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\xmldm
[2011.06.02 21:12:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\kock
[2011.05.31 17:14:05 | 000,000,000 | ---D | C] -- C:\Programs
[2011.05.29 09:59:08 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Media Player Classic
[2011.05.26 18:15:45 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.05.26 18:15:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.05.26 18:15:30 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.05.26 18:15:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.05.26 18:15:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2011.05.26 16:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.05.26 16:37:37 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.05.26 16:37:36 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.05.26 16:37:36 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.05.26 16:37:36 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.05.26 16:37:36 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.05.26 16:37:36 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll
[2011.05.26 16:37:36 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll
[2011.05.26 16:37:36 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.05.26 16:37:07 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.05.17 16:43:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 21:41:46 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX Downloads
[2011.05.14 21:41:33 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\MAGIX
[2011.05.14 21:39:48 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX_Screenshare
[2011.05.14 21:39:30 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX_Online_Druck_Service
[2011.05.14 21:39:19 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2011.05.14 21:39:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\MAGIX
[2011.05.14 21:35:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services
[2011.05.14 21:31:42 | 000,585,280 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emBDA.sys
[2011.05.14 21:31:42 | 000,549,952 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emOEM.sys
[2011.05.14 21:31:42 | 000,119,872 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\emPRP.ax
[2011.05.14 21:31:42 | 000,080,896 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\emMON.exe
[2009.07.16 08:07:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1201.dll
[2009.07.16 07:58:20 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe43CB.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Roaming\*.tmp files -> C:\Users\Aupex\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Local\*.tmp files -> C:\Users\Aupex\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.06 20:10:50 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
[2011.06.06 20:05:01 | 000,001,096 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.06 19:44:57 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.06 19:38:16 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.06 19:34:33 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.06 19:28:32 | 000,001,092 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.06 19:28:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 19:28:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 19:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.06 19:14:13 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.06 17:23:16 | 000,606,105 | ---- | M] () -- C:\Users\Aupex\Desktop\unhide.exe
[2011.06.06 17:22:42 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aupex\Desktop\tdsskiller.exe
[2011.06.06 17:22:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Aupex\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.06 17:19:16 | 000,050,477 | ---- | M] () -- C:\Users\Aupex\Desktop\Defogger.exe
[2011.06.06 17:17:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Aupex\Desktop\OTL.exe
[2011.06.06 13:31:56 | 000,000,605 | -H-- | M] () -- C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk
[2011.06.06 13:31:50 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31907576
[2011.06.06 12:11:25 | 000,027,335 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\nvModes.dat
[2011.06.06 12:11:25 | 000,027,335 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\nvModes.001
[2011.06.06 11:29:16 | 000,138,264 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.06 10:41:33 | 000,523,061 | -H-- | M] () -- C:\Users\Aupex\mricrocosft.cab
[2011.06.04 22:06:30 | 000,131,072 | -H-- | M] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.04 12:36:29 | 000,000,680 | -H-- | M] () -- C:\Users\Aupex\AppData\Local\d3d9caps.dat
[2011.06.02 21:13:10 | 000,232,400 | -H-- | M] (Adobe Systems, Incorporated) -- C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll
[2011.06.01 23:57:17 | 000,138,056 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\PnkBstrK.sys
[2011.05.31 22:57:06 | 000,001,396 | -H-- | M] () -- C:\Users\Aupex\Documents\test.xmr
[2011.05.31 17:59:32 | 000,001,042 | -H-- | M] () -- C:\Users\Aupex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.31 17:59:26 | 000,000,882 | -H-- | M] () -- C:\Users\Aupex\Desktop\Free DVD Video Converter.lnk
[2011.05.30 17:01:48 | 000,000,559 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\AutoGK.ini
[2011.05.29 21:02:45 | 000,233,242 | -H-- | M] () -- C:\Users\Aupex\Desktop\IMG_1068.jpg
[2011.05.29 20:55:34 | 000,112,686 | -H-- | M] () -- C:\Users\Aupex\Desktop\IMG_0252.jpg
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.18 18:43:47 | 000,002,413 | -H-- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011.05.17 16:43:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 17:39:33 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.16 17:39:33 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.05.14 21:41:42 | 000,006,642 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2011.05.12 16:50:48 | 000,055,531 | -H-- | M] () -- C:\Users\Aupex\Documents\inventurtabak10.pdf
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Roaming\*.tmp files -> C:\Users\Aupex\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Local\*.tmp files -> C:\Users\Aupex\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.06 19:38:16 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.06 19:38:16 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.06 19:14:13 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.06 19:13:48 | 000,606,105 | ---- | C] () -- C:\Users\Aupex\Desktop\unhide.exe
[2011.06.06 19:13:48 | 000,050,477 | ---- | C] () -- C:\Users\Aupex\Desktop\Defogger.exe
[2011.06.06 13:31:56 | 000,000,605 | -H-- | C] () -- C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk
[2011.06.06 13:31:50 | 000,000,336 | -H-- | C] () -- C:\ProgramData\31907576
[2011.06.06 10:41:31 | 000,523,061 | -H-- | C] () -- C:\Users\Aupex\mricrocosft.cab
[2011.05.31 22:57:06 | 000,001,396 | -H-- | C] () -- C:\Users\Aupex\Documents\test.xmr
[2011.05.31 17:59:26 | 000,000,882 | -H-- | C] () -- C:\Users\Aupex\Desktop\Free DVD Video Converter.lnk
[2011.05.29 21:02:44 | 000,233,242 | -H-- | C] () -- C:\Users\Aupex\Desktop\IMG_1068.jpg
[2011.05.29 20:55:33 | 000,112,686 | -H-- | C] () -- C:\Users\Aupex\Desktop\IMG_0252.jpg
[2011.05.29 09:31:24 | 000,000,559 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\AutoGK.ini
[2011.05.26 16:37:36 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.05.16 17:39:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.16 17:39:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.14 21:36:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.05.12 16:50:47 | 000,055,531 | -H-- | C] () -- C:\Users\Aupex\Documents\inventurtabak10.pdf
[2011.01.25 16:02:14 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2011.01.25 16:02:14 | 000,032,768 | -H-- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2010.11.28 13:29:00 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\ss35pp.dll
[2010.11.02 14:37:07 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\pdf2html.dat
[2010.11.02 14:37:02 | 000,000,110 | -H-- | C] () -- C:\Windows\PDF2HTML.INI
[2010.08.26 22:34:46 | 000,360,723 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\mdbu.bin
[2010.06.08 19:49:56 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\nnr.dll
[2010.03.11 22:48:19 | 000,000,093 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\fusioncache.dat
[2010.03.05 13:20:59 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.24 18:41:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\setup_XP.ini
[2009.12.23 18:44:34 | 000,221,291 | -H-- | C] () -- C:\Windows\Imei_dll.dll
[2009.12.23 18:44:34 | 000,040,960 | -H-- | C] () -- C:\Windows\Sublock.dll
[2009.12.22 15:59:43 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\CommonDL.dll
[2009.12.22 15:59:43 | 000,002,413 | -H-- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009.09.17 22:46:44 | 000,085,504 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.08 14:11:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 14:11:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.26 19:57:58 | 000,000,711 | -H-- | C] () -- C:\Windows\eReg.dat
[2009.06.16 19:08:52 | 070,641,406 | ---- | C] () -- C:\Programme\Microsoft Games.rar
[2009.06.05 17:30:48 | 000,000,082 | -H-- | C] () -- C:\Windows\odbc_merge.INI
[2009.06.02 20:38:33 | 000,000,680 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\d3d9caps.dat
[2009.05.24 22:18:09 | 000,015,873 | -H-- | C] () -- C:\Windows\System32\Inetde.dll
[2009.05.18 13:31:18 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.08 07:17:48 | 000,057,344 | -H-- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2009.03.22 20:49:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.03.07 13:59:28 | 000,000,166 | -H-- | C] () -- C:\Windows\homeDVD-Fotos4.INI
[2009.03.07 13:56:00 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2009.03.07 13:55:53 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.03.07 13:51:56 | 000,000,089 | -H-- | C] () -- C:\Windows\magix.ini
[2009.03.07 13:51:54 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.03 12:55:22 | 000,000,239 | -H-- | C] () -- C:\Windows\Caligari.ini
[2009.02.02 20:10:14 | 000,303,104 | -H-- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | -H-- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.01.25 23:10:48 | 000,179,200 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.25 13:09:58 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.01.20 09:42:03 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\PTQL5F.DLL
[2009.01.13 18:17:01 | 000,000,000 | -H-- | C] () -- C:\Windows\tosOBEX.INI
[2009.01.13 16:52:33 | 000,001,932 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2009.01.13 11:48:39 | 000,000,035 | -H-- | C] () -- C:\Windows\Ulead32.INI
[2009.01.13 11:46:57 | 000,285,216 | -H-- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009.01.13 11:46:57 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2009.01.13 08:11:04 | 000,000,000 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\wklnhst.dat
[2009.01.12 13:16:33 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.01.12 13:16:32 | 000,138,056 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\PnkBstrK.sys
[2009.01.12 13:15:51 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.12 13:15:47 | 002,373,712 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.12 13:15:47 | 000,075,136 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.12 13:14:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.01.09 21:43:44 | 000,131,072 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.09 01:01:22 | 000,629,760 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.05 14:48:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.29 00:05:28 | 000,027,335 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.001
[2008.12.29 00:02:44 | 000,027,335 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.dat
[2006.11.02 17:33:31 | 000,685,712 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,149,726 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,459,912 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,704 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,532 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2000.10.16 17:16:38 | 000,225,280 | -H-- | C] () -- C:\Windows\System32\Scint100.dll
[2000.10.16 17:16:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\sccres100.dll
 
========== LOP Check ==========
 
[2011.06.02 21:13:10 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\5015
[2010.06.01 20:04:08 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Acronis
[2010.11.09 13:17:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Arduino
[2009.01.19 18:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Azureus
[2008.12.30 19:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\BitTorrent
[2009.01.06 22:23:08 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Blender Foundation
[2010.11.03 18:59:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\CadSoft
[2011.01.26 19:09:01 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\calibre
[2009.03.25 10:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Canneverbe_Limited
[2009.01.13 21:12:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Canon
[2009.01.08 22:15:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools
[2009.01.08 22:17:15 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools Lite
[2009.01.08 22:15:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools Pro
[2010.12.12 21:42:48 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DVD Profiler
[2011.02.16 16:22:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.09 22:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\fdrtools.com
[2011.06.06 13:33:59 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Free Download Manager
[2010.08.27 19:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Fritzing
[2010.07.13 18:08:38 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\gtk-2.0
[2009.03.09 09:27:50 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\HDRsoft
[2010.10.18 21:31:23 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\InfraRecorder
[2011.06.02 21:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\kock
[2009.10.21 20:38:52 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Leadertech
[2009.09.30 16:12:09 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Lexware
[2011.01.13 09:42:38 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\LG Electronics
[2011.05.14 21:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\MAGIX
[2009.09.01 22:32:20 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Mp3tag
[2011.05.04 17:17:39 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\No Company Name
[2010.10.06 23:22:49 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\NwDocx
[2010.08.31 22:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Oloneo
[2009.01.06 23:21:40 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\OpenOffice.org
[2009.12.14 23:18:10 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Picturenaut
[2009.03.03 12:40:36 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Planetside Software
[2009.07.25 19:17:48 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\RawTherapee
[2010.02.04 13:39:45 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\RouterControl
[2009.08.07 13:52:29 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\SlySoft
[2009.06.16 22:25:15 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\T-Online
[2011.01.12 16:19:49 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Template
[2009.01.19 17:09:16 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Thinstall
[2010.09.20 19:23:53 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Thunderbird
[2009.03.03 13:39:23 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\uk.co.planetside
[2009.01.19 17:11:39 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\uTorrent
[2011.01.11 18:06:41 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\VidCoder
[2009.06.08 12:56:58 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\VistaStumbler
[2011.02.15 22:18:45 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Xilisoft
[2011.06.05 20:55:43 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\xmldm
[2011.05.01 23:20:25 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\XnView
[2009.12.22 13:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.06.06 19:26:25 | 000,032,606 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.06 20:10:50 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:27291D76549DE56D
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >
         
OTL Extra:

Code:
OTL Extras logfile created on: 06.06.2011 20:09:01 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Aupex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 1,08 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 12,20 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 3,45 Gb Free Space | 46,27% Space Free | Partition Type: FAT32
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Program Files\canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files\BitTorrent\bittorrent.exe" = d:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2E0168-A091-438E-A7FA-4897DA0F0DA8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{15514728-41F3-48FF-AB66-6CCEFD6FAAA7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{16CC534F-D6C6-4BBD-8382-69628BA12263}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25FC251C-0C26-41AB-8424-BC383BA73F05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{342DC21F-8295-4342-909D-A7F279578E63}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48883D63-6C84-4CB2-9507-8AF14136E169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52F6B97D-D65F-4C2F-9504-13FEAB266629}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5FA8909D-B37A-4B82-A038-9BC54D200681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{887C0506-54AC-4623-840A-D20902F3AB0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D40E8E4E-B31C-4D42-BE9A-A503C4AA5243}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEE08896-C538-44C4-A160-B1410D0CEA56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F2B30D6D-C14D-4B2B-A635-DA319F3F910D}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{162C996A-3D30-49C9-BB55-BC89C56F922A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{26027EF8-81F1-4D1C-9C8D-D1A32B61A540}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2A863473-CE80-4366-851A-F4654BD0EED3}" = protocol=6 | dir=in | app=d:\spiele\battlef2\bf2.exe | 
"{2F815737-542A-4F7F-9777-9452BC759505}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{37BEB145-31D7-4A67-B216-DA223FBBA95C}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.dll | 
"{4503EFED-59B8-420A-8A66-7EADBDAFD1E9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47E7F823-CA43-408D-B1AD-7F193DAA03F5}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\temp\7zs9547.tmp\symnrt.exe | 
"{4AF8D247-2BB2-42B0-8ED6-38643DAD412D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5AE29E96-1F28-40E1-81EB-ECC181B98D60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68ED034B-6BB5-4050-B401-7FD0CDD9B594}" = protocol=17 | dir=in | app=d:\spiele\battlef2\bf2.exe | 
"{6D71C4A4-8C55-4051-9CAF-52C2775A4A49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B6DCC52-7B61-47A7-89F7-F52CFAC72B53}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\temp\7zs9547.tmp\symnrt.exe | 
"{99193E75-9B32-455D-A0B6-B3DAFC176348}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.dll | 
"{9E8E6CBA-5CC4-45B3-ADCE-12A1CAD4EF4C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{B32A8D67-D6B3-4B82-AA52-CF4E5170086D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B34D8511-DBB8-49C9-B66E-39B4FE65BAC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC94E627-5B38-4F08-AB62-114E4D1DFC3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D0109F9B-2C98-43D4-8B38-C8482030BEDC}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D6667324-1A77-4593-92D8-D93146AF8BA8}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{D90F3206-FD62-4239-8891-BF06C088F99B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E21CDC62-A43C-4E73-A342-666AA6DBD3E8}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{EC08F273-D3ED-4C12-A5A6-EF62378C0496}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC6CEA8F-7ECF-4685-BCB8-4EDAC6123F64}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{ECFC6907-0644-424D-8FBB-A89EC4BBF4E1}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{F60997C3-27A9-4BAC-A9C7-D1F064AC6E3B}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14E5D149-FD0F-4595-A84E-68D821167591}" = NetObjects Fusion 11.0
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28CBE511-A28E-4010-BE83-1623FC3F1D3A}" = RUNAWAY - A road adventure
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45C4CE4D-64B7-47C8-A946-9737CD4C0259}_is1" = Fotomatic 1.3v
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D4604-EA08-4EDC-8EE7-A004946FB016}" = Terragen 2 Free Edition (Beta)
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985F828E-0E98-429F-9C05-EF3BDE7568F7}" = Paragon Drive Backup™ 9.0 Free Edition
"{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CBBC89D4-84CB-48A5-AC5A-88452D3C44D3}" = JTL-Wawi - FastReport - Deployment
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF34973A-4865-4150-B4B4-0430C8311353}" = UpLoad/DownLoad
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Anti-Twin 2010-09-22 17.58.58" = Anti-Twin (Installation 22.09.2010)
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Blender" = Blender (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2OEM" = CloneDVD2OEM
"CloneDVDmobile" = CloneDVDmobile
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DLDIrc" = DLDIrc
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EAGLE 5.10.0" = EAGLE 5.10.0
"Elements+_is1" = Elements+ for PSE 8 (demo)
"EOS Utility" = Canon Utilities EOS Utility
"Eraser" = Eraser
"Everest Poker" = Everest Poker (Remove Only)
"ffdshow_is1" = ffdshow [rev 3072] [2009-09-12]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JTL-Wawi_is1" = JTL-Wawi
"Lidl-Fotos_is1" = Lidl-Fotos
"LMMS 0.4.8" = Linux MultiMedia Studio (LMMS)
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"monzoom" = monzoom® pro
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.44
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nmap" = Nmap 4.85BETA9
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OpenAL" = OpenAL
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PremElem80" = Adobe Premiere Elements 8.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RouterControl" = RouterControl 2.0
"Sandboxie" = Sandboxie 3.34
"ShrinkTo5Basic" = ShrinkTo5Basic
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VidCoder_is1" = VidCoder 0.8.0 (x86)
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WaveSurgeon (Evaluation)_is1" = WaveSurgeon (Evaluation) 2.8.1
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"XMedia Recode" = XMedia Recode 2.1.8.0
"XnView_is1" = XnView 1.95.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
So, I hope I have posted everything correctly and that everything is complete.

Regards

P.S. Since noon today an error message has also appeared 4 or 5 times already, roughly: "Access to MS host is not permitted on this system..." Unfortunately I no longer remember the exact wording.

Edited by aupex (06.06.2011 at 19:59). Reason: P.S. added

 
