| |
| |||||||
Mülltonne: [2x] Würmer und Trojaner wie entfernen? userinit.exeWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
11.02.2012, 20:30
| #1 |
| | ![[2x] Würmer und Trojaner wie entfernen? userinit.exe - Standard](images/icons/icon1.gif){kind=icon} [2x] Würmer und Trojaner wie entfernen? userinit.exe Hallo, ich habe mein Laptop gründlich durchsuchen lassen (mit ESETNOD Smart Security, Kaspersky Removal Tool, HiJackthis, Trojan Remover, OTL und Malwarebytes) und habe bei einigen Trojanern und Würmern gefunden! Ich habe im I-Net recherchiert und bin auf diese Forum gelandet. Ich habe zuerst die OTL heruntergeladen und die Logs erstellt. Die meisten Würmer und Trojaner wurden mit Hilfe von HijackThis gefunden... Habe noch die Logs von OTL hochgeladen...hoffentlich kann einer mich helfen...danke im Voraus!!! Code:
ATTFilter OTL logfile created on: 11.02.2012 18:40:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Belalim B\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 44,92% Memory free 4,83 Gb Paging File | 3,50 Gb Available in Paging File | 72,56% Paging File free Paging file location(s): C:\pagefile.sys 2967 2967 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 252,81 Gb Total Space | 177,77 Gb Free Space | 70,32% Space Free | Partition Type: NTFS Drive D: | 30,33 Gb Total Space | 28,60 Gb Free Space | 94,29% Space Free | Partition Type: NTFS Computer Name: BELALIM-PC | User Name:Belalim B | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Belalim B\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Users\Belalim B\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ESET\ESET Smart Security\ekrn.exe (ESET) PRC - C:\Programme\ESET\ESET Smart Security\egui.exe (ESET) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Xobni\XobniService.exe (Xobni Corporation) PRC - C:\Programme\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.) PRC - C:\Programme\Lenovo\LenovoSecuritySolution FP\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\System32\IcnOvrly.dll () ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (UpekSrvc) -- C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe (UPEK Inc.) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ReadyComm.DirectRouter) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation) SRV - (PS_MDP) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- File not found DRV - (bdsandbox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET) DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET) DRV - (epfwwfp) -- C:\windows\system32\DRIVERS\epfwwfp.sys (ESET) DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET) DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET) DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation) DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation) DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (bthav) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {271A3CF5-5A54-447B-A08F-BE805F0DA60A}:3.3.5.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belalim B\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belalim B\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.12 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.17 10:10:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.10.24 19:24:51 | 000,000,000 | ---D | M] [2011.04.25 12:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belalim B\AppData\Roaming\mozilla\Extensions [2011.04.25 12:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belalim B\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.02.02 19:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belalim B\AppData\Roaming\mozilla\Firefox\Profiles\o1rl9dya.default\extensions [2012.01.11 17:42:02 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\Belalim B\AppData\Roaming\mozilla\Firefox\Profiles\o1rl9dya.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A} [2011.10.22 17:28:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Belalim B\AppData\Roaming\mozilla\Firefox\Profiles\o1rl9dya.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.28 18:49:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Belalim B\AppData\Roaming\mozilla\Firefox\Profiles\o1rl9dya.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.09.02 21:09:06 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Belalim B\AppData\Roaming\mozilla\Firefox\Profiles\o1rl9dya.default\extensions\netvideohunter@netvideohunter.com [2012.02.11 15:54:04 | 000,000,950 | ---- | M] () -- C:\Users\Belalim B\AppData\Roaming\Mozilla\Firefox\Profiles\o1rl9dya.default\searchplugins\icqplugin-1.xml [2012.01.26 20:56:58 | 000,001,056 | ---- | M] () -- C:\Users\Belalim B\AppData\Roaming\Mozilla\Firefox\Profiles\o1rl9dya.default\searchplugins\icqplugin.xml [2012.01.10 21:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.24 18:52:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.05.29 23:33:17 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011.10.24 00:16:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak () (No name found) -- C:\USERS\BELALIM B\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O1RL9DYA.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI () (No name found) -- C:\USERS\BELALIM B\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O1RL9DYA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\BELALIM B\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O1RL9DYA.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\BELALIM B\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O1RL9DYA.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI () (No name found) -- C:\USERS\BELALIM B\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O1RL9DYA.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2012.02.02 19:14:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 16:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.11.14 23:11:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.14 23:11:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.14 23:11:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.14 23:11:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.14 23:11:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.14 23:11:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Belalim B\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Belalim B\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Belalim B\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: olb.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/Belalim%20B/Desktop/components/hidinputmonitorx.ocx (HidInputMonitorX Control) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/Belalim%20B/Desktop/components/A9.ocx (A9Helper.A9) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/Belalim%20B/Desktop/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E99295A-A535-4376-A5F7-5E4FA209F1C6}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\tmbp - No CLSID value found O18 - Protocol\Handler\tmpx - No CLSID value found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.11 18:43:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012.02.11 18:39:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Belalim B\Desktop\OTL.exe [2012.02.11 03:24:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Belalim B\Desktop\TFC.exe [2012.02.11 02:48:48 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\Documents\Simply Super Software [2012.02.11 02:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.02.11 02:48:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ztvcabinet.dll [2012.02.11 02:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.02.11 02:48:18 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Roaming\Simply Super Software [2012.02.11 02:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.02.11 02:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree [2012.02.11 02:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft HiJackFree [2012.02.09 21:25:55 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{748BB4D0-688D-404A-8452-7C3777588934} [2012.02.09 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{CA06EA21-C8F5-49AB-A6B8-B74ACCFE4869} [2012.02.08 15:51:27 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Roaming\Apple Computer [2012.02.08 15:51:27 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\Apple Computer [2012.02.08 15:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.02.08 15:51:02 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll [2012.02.08 15:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.02.08 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.02.08 15:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.02.08 15:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.02.08 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\Apple [2012.02.08 15:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.02.08 15:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.02.08 15:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.02.08 15:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.02.08 15:30:55 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\Desktop\Samsung Monte [2012.02.08 15:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.02.08 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{E88DB14D-934C-4215-A1C0-DA273C457E1B} [2012.02.08 14:51:35 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{F7305A9C-BC0E-4F7C-B45D-C25F91C20D75} [2012.02.07 22:05:33 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{AEC6C8EA-BBBC-4FD4-8256-B82131A6C360} [2012.02.07 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{B4F1E465-70A3-456E-9F24-434F9EB70269} [2012.02.04 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{FA017AB0-B80C-4364-BF7E-F95E088634AA} [2012.02.04 17:24:07 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{71DA99CB-F5E6-4A34-AAF3-FD728864BABF} [2012.02.03 20:18:44 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{710355B1-7D99-4AC1-AF2C-B0536BF0D744} [2012.02.03 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{C78DED07-22C3-4ED4-BDE5-581B07498286} [2012.01.31 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{DCCA9CF4-E3C6-4E73-9366-9E6BF9843574} [2012.01.31 17:41:45 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{498004D5-2E07-43A5-946F-40DFFC9F73A6} [2012.01.30 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{D0C03C03-336F-4291-9D5A-731476A8E144} [2012.01.30 18:38:29 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{12FD683F-A923-4B37-BC70-CD1328F74A41} [2012.01.30 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{F72AE514-E803-49B8-816C-2C8D52AD11E7} [2012.01.30 01:14:54 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{951B6D69-C519-4391-A161-4EE9545EF0C7} [2012.01.29 16:15:27 | 000,000,000 | --SD | C] -- C:\Users\Belalim B\Documents\Meine Datenquellen [2012.01.28 16:32:38 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{BCD71DB0-ACB5-4274-83C0-04287D7745B9} [2012.01.28 16:32:15 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{F820CEF7-4A3E-47A4-92FD-528CD4B3BD60} [2012.01.27 23:23:28 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{2891D613-772C-4D66-9EC0-0D0137300A9F} [2012.01.27 23:22:58 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{FB49C9B8-F546-43CD-AE51-D79C53816772} [2012.01.23 23:42:48 | 000,000,000 | ---D | C] -- C:\Spiele [2012.01.23 22:45:13 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{D3061F48-6E59-4BDE-A0A4-55F1A6E12F8B} [2012.01.23 22:44:50 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{48153DC7-DC46-4A6D-BE4A-F5A335E4BA87} [2012.01.22 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{95BC7376-7664-4E5C-A93D-4DC050D4F8FF} [2012.01.22 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{FAAB34F8-24FD-496E-95DC-5CEE03B02287} [2012.01.21 23:07:36 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{8C40E64B-C2EB-461F-A470-CA0DF0F17229} [2012.01.21 23:07:13 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{3CD92158-258F-42C0-BCA4-249134CAC88F} [2012.01.20 19:46:06 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{3422C35F-5589-4ADD-A9B6-48151E7DB070} [2012.01.20 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{55310412-055D-4536-A9E9-7EFCBE830418} [2012.01.19 23:23:21 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{3384754B-7655-4E7F-B110-9B1F25EA8E36} [2012.01.19 23:22:54 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{A225921F-AC6A-43A5-BB81-7B614126EB1F} [2012.01.18 13:39:33 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{DAD06F83-58AD-4B1B-80EA-805A7EFB6BA9} [2012.01.18 13:39:08 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{298AA43F-3D9E-4793-9BC0-49DD36D8A611} [2012.01.17 16:26:10 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{A6E389E1-6969-427E-A60B-6ED8EF10C27D} [2012.01.17 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{0DF389DE-A4AF-4333-8EC1-47582997BC56} [2012.01.16 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{D5B7738D-2E91-4FD9-AE63-C22B3F22F276} [2012.01.16 18:55:39 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{D68A29D1-1181-4394-8E11-CF8321674456} [2012.01.16 17:55:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll [2012.01.16 17:55:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll [2012.01.15 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{7A2C4120-825D-4929-81BE-B6A37C31CCAA} [2012.01.15 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{D052B35C-5F86-4A5C-A3EA-0F016409ACDC} [2012.01.14 22:40:46 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{37056AC0-D624-4FE1-B3EC-8DC9BC1CD648} [2012.01.14 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{7371A55E-807D-4E7E-AEAA-4873E91BA794} [2012.01.13 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{77A1F016-2BB3-4C47-A09F-737570226CF7} [2012.01.13 18:48:06 | 000,000,000 | ---D | C] -- C:\Users\Belalim B\AppData\Local\{365B3E64-3364-494E-A68E-941695FBB1B7} [2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2012.02.11 18:44:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012.02.11 18:42:53 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.11 18:39:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Belalim B\Desktop\OTL.exe [2012.02.11 18:19:41 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 18:19:41 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 18:16:01 | 000,001,144 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-922788502-2974688755-1906233259-1004UA.job [2012.02.11 18:11:33 | 000,000,108 | ---- | M] () -- C:\index.ini [2012.02.11 18:09:39 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.11 18:09:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.02.11 18:09:09 | 1556,267,008 | -HS- | M] () -- C:\hiberfil.sys [2012.02.11 18:04:01 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.11 13:23:21 | 000,730,930 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.02.11 13:23:21 | 000,681,836 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.02.11 13:23:21 | 000,157,368 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.02.11 13:23:21 | 000,133,118 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.02.11 03:26:19 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.02.11 03:25:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Belalim B\Desktop\TFC.exe [2012.02.11 02:48:40 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.02.11 02:20:58 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk [2012.02.10 21:16:00 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-922788502-2974688755-1906233259-1004Core.job [2012.02.08 15:51:11 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.29 02:03:07 | 020,066,697 | ---- | M] () -- C:\Users\Belalim B\Documents\Taxpool_29.01.2012_02.03.00.Komplettsicherung [2012.01.28 03:25:06 | 000,002,569 | ---- | M] () -- C:\Users\Belalim B\Desktop\Paint Shop Pro 7.lnk [2012.01.27 20:32:06 | 000,012,288 | ---- | M] () -- C:\Users\Belalim B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2012.01.24 22:10:26 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk ========== Files Created - No Company Name ========== [2012.02.11 03:26:19 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.02.11 03:26:19 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.02.11 02:48:40 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.02.11 02:48:35 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll [2012.02.11 02:48:35 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll [2012.02.11 02:48:35 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll [2012.02.11 02:48:35 | 000,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll [2012.02.11 02:20:58 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk [2012.02.08 15:51:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.02.08 15:45:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.01.29 02:03:00 | 020,066,697 | ---- | C] () -- C:\Users\Belalim B\Documents\Taxpool_29.01.2012_02.03.00.Komplettsicherung [2012.01.28 03:25:06 | 000,002,569 | ---- | C] () -- C:\Users\Belalim B\Desktop\Paint Shop Pro 7.lnk [2012.01.24 22:10:26 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.01.17 16:29:41 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.09.26 20:54:38 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll [2011.09.12 22:28:14 | 000,231,152 | ---- | C] () -- C:\ProgramData\1315862410.bdinstall.bin [2011.09.06 15:45:38 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll [2011.08.24 20:33:06 | 000,536,336 | ---- | C] () -- C:\windows\System32\drivers\sfi.dat [2011.08.18 16:57:14 | 000,017,408 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\WebpageIcons.db [2011.08.18 14:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\{277320AD-9257-4910-AD0E-56BBB1B41BA5} [2011.08.15 17:52:44 | 000,000,000 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\{0AA59523-9816-4912-BD02-6A5610B89712} [2011.08.14 19:57:45 | 000,000,000 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\{271F1C9A-15A5-4486-A321-DFA77171B7FF} [2011.08.13 19:06:11 | 000,643,489 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.06.26 21:11:44 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2011.06.09 14:45:40 | 000,000,000 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\{46A33E97-629B-43DB-9768-F3E982189059} [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat [2011.04.09 14:55:47 | 000,006,635 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\backup.vtp [2011.02.08 22:11:31 | 000,000,268 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.01.15 01:00:49 | 000,012,288 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.21 18:54:07 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll [2010.10.01 17:59:11 | 000,000,082 | ---- | C] () -- C:\windows\odbc_merge.INI [2010.09.23 23:26:49 | 000,007,667 | ---- | C] () -- C:\Users\Belalim B\AppData\Local\resmon.resmoncfg [2010.08.24 21:00:09 | 000,350,208 | ---- | C] () -- C:\windows\System32\Rivet200.dll [2010.08.01 16:42:25 | 000,700,416 | ---- | C] () -- C:\windows\System32\mcs_cor1.dll [2010.08.01 16:42:25 | 000,249,856 | ---- | C] () -- C:\windows\System32\mcs_cor2.dll [2010.08.01 16:42:25 | 000,147,456 | ---- | C] () -- C:\windows\System32\mcs_vfw.dll [2010.08.01 16:41:22 | 000,282,624 | ---- | C] () -- C:\windows\Uninstall.exe [2010.08.01 16:41:22 | 000,057,344 | ---- | C] () -- C:\windows\HAJEInstall.dll [2010.07.20 15:41:37 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml [2010.07.08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2010.04.27 14:45:56 | 000,187,544 | ---- | C] () -- C:\windows\System32\xliveinstall.dll [2010.04.27 14:45:56 | 000,072,856 | ---- | C] () -- C:\windows\System32\xliveinstallhost.exe [2010.04.21 17:08:14 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2010.04.21 17:08:14 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2010.04.21 17:08:14 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2010.04.21 16:29:46 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config [2010.01.07 15:44:01 | 000,730,930 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010.01.07 15:44:01 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010.01.07 15:44:01 | 000,157,368 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010.01.07 15:44:01 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010.01.07 08:41:23 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll [2010.01.07 08:32:28 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll [2010.01.07 08:32:28 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys [2010.01.07 08:32:18 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll [2010.01.07 08:32:18 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll [2010.01.07 08:32:18 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll [2010.01.07 08:32:18 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll [2010.01.07 08:32:18 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll [2010.01.07 08:32:03 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll [2010.01.07 08:11:26 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll [2010.01.07 08:03:38 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll [2009.08.31 06:18:52 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009.07.14 05:33:53 | 004,005,880 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,681,836 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,133,118 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys [2007.07.06 04:33:02 | 000,229,376 | ---- | C] () -- C:\windows\System32\HPPCPR01.DLL [2007.07.06 04:33:02 | 000,000,630 | ---- | C] () -- C:\windows\System32\HPPCPR01.DAT [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.02.2012 18:40:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Belalim B\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 44,92% Memory free
4,83 Gb Paging File | 3,50 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): C:\pagefile.sys 2967 2967 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,81 Gb Total Space | 177,77 Gb Free Space | 70,32% Space Free | Partition Type: NTFS
Drive D: | 30,33 Gb Total Space | 28,60 Gb Free Space | 94,29% Space Free | Partition Type: NTFS
Computer Name: BELALIMB-PC | User Name: Belalim B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{087D3CBF-1ABB-47A8-8C3B-5E76A5D99E88}" = Application Suite
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12F7033F-3B47-4C9E-AB20-2EC556C40287}" = Microsoft .NET Compact Framework 1.0 SP3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52ACDBC0-1992-4CD0-8E84-D55B8F86CB9D}" = ESET Smart Security
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{892772D7-1A4D-45A8-86E3-1D6CE9543659}" = CadiaFakturaFreeware
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = 趋势科技™ PC-cillin™ 云安全软件 2011 全功能版
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}" = TI StudyCards Creator
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Lenovo Security Solution FP
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEDE732-24D7-468A-AB10-DC5D088C04D3}" = DDBAC
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DCE0D533279EB3AEE0D80C066E7D39DC59BBF88" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface Service
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EasyCapture4.0" = EasyCapture
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.5
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 2.45
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1206
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Office14.SingleImage" = Microsoft Office Professional 2010
"Opera 11.61.1250" = Opera 11.61
"Revo Uninstaller" = Revo Uninstaller 1.93
"Samsung_SMP4" = Samsung Video Codec 1.1 Uninstall
"SamsungCamCorderDriver" = Samsung CamCorder Driver
"Straße_is1" = Straße 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tactical Ops" = Tactical Ops
"Taxpool-Buchhalter Mini" = Taxpool-Buchhalter Mini 4.09
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TVWiz" = Intel(R) TV Wizard
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XobniMain" = Xobni
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.01.2012 19:41:13 | Computer Name = DilanDogan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.0.0, Zeitstempel:
0x4c463141 Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.0.0, Zeitstempel:
0x4c463141 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000016e8 ID des fehlerhaften Prozesses:
0x1500 Startzeit der fehlerhaften Anwendung: 0x01ccde0343aae8c1 Pfad der fehlerhaften
Anwendung: C:\Program Files\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program
Files\VideoLAN\VLC\vlc.exe Berichtskennung: 8f877170-4a09-11e1-ad53-001f1632c6a4
Error - 31.01.2012 13:46:49 | Computer Name = DilanDogan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.6112.5000,
Zeitstempel: 0x4e9b2bb3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften
Prozesses: 0xd74 Startzeit der fehlerhaften Anwendung: 0x01cce0404ced6abc Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 8cdc5969-4c33-11e1-ac60-001f1632c6a4
Error - 31.01.2012 17:57:58 | Computer Name = DilanDogan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000,
Zeitstempel: 0x4de50c7e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0x80000003 Fehleroffset: 0x00033e2e ID des fehlerhaften
Prozesses: 0x1d4 Startzeit der fehlerhaften Anwendung: 0x01cce063636e2c16 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: a299f483-4c56-11e1-ac60-001f1632c6a4
Error - 31.01.2012 17:58:38 | Computer Name = BelalimB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000,
Zeitstempel: 0x4de50c7e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0x80000003 Fehleroffset: 0x00033e2e ID des fehlerhaften
Prozesses: 0x173c Startzeit der fehlerhaften Anwendung: 0x01cce0637c9777bc Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: ba929005-4c56-11e1-ac60-001f1632c6a4
Error - 31.01.2012 18:01:27 | Computer Name = BelalimB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000,
Zeitstempel: 0x4de50c7e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0x80000003 Fehleroffset: 0x00033e2e ID des fehlerhaften
Prozesses: 0x1764 Startzeit der fehlerhaften Anwendung: 0x01cce063e0807306 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: 1ecc7a19-4c57-11e1-ac60-001f1632c6a4
Error - 02.02.2012 13:33:37 | Computer Name = BelalimB-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 16.0.912.77 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1284 Startzeit:
01cce1c9818af720 Endzeit: 239 Anwendungspfad: C:\Users\Belalim B\AppData\Local\Google\Chrome\Application\chrome.exe
Berichts-ID:
039eba1a-4dc4-11e1-ab8f-001f1632c6a4
Error - 06.02.2012 10:43:05 | Computer Name = BelalimB-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Games for Windows - LIVE\Client\GFWLClient.exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe.Config"
in Zeile 0. Ungültige XML-Syntax.
Error - 06.02.2012 15:28:32 | Computer Name = BelalimB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000,
Zeitstempel: 0x4de50c7e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0x80000003 Fehleroffset: 0x00033e2e ID des fehlerhaften
Prozesses: 0x904 Startzeit der fehlerhaften Anwendung: 0x01cce50580a0b16c Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: c0ab4195-50f8-11e1-ba44-001f1632c6a4
Error - 09.02.2012 13:16:59 | Computer Name = BelalimB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000,
Zeitstempel: 0x4de50c7e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0x80000003 Fehleroffset: 0x00033e2e ID des fehlerhaften
Prozesses: 0x4d4 Startzeit der fehlerhaften Anwendung: 0x01cce74ea1081122 Pfad der
fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: dfb1ad00-5341-11e1-b7a8-001f1632c6a4
Error - 11.02.2012 11:12:38 | Computer Name = Belalim B-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Games for Windows - LIVE\Client\GFWLClient.exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe.Config"
in Zeile 0. Ungültige XML-Syntax.
[ Media Center Events ]
Error - 06.07.2011 01:49:38 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 07:49:29 - Fehler beim Herstellen der Internetverbindung. 07:49:29
- Serververbindung konnte nicht hergestellt werden..
Error - 06.07.2011 02:49:54 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 08:49:53 - Fehler beim Herstellen der Internetverbindung. 08:49:53
- Serververbindung konnte nicht hergestellt werden..
Error - 06.07.2011 02:50:03 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 08:49:59 - Fehler beim Herstellen der Internetverbindung. 08:49:59
- Serververbindung konnte nicht hergestellt werden..
Error - 06.07.2011 03:50:46 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 09:50:45 - Fehler beim Herstellen der Internetverbindung. 09:50:46
- Serververbindung konnte nicht hergestellt werden..
Error - 06.07.2011 03:51:11 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 09:50:52 - Fehler beim Herstellen der Internetverbindung. 09:50:52
- Serververbindung konnte nicht hergestellt werden..
Error - 07.07.2011 04:00:03 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 10:00:02 - Fehler beim Herstellen der Internetverbindung. 10:00:02
- Serververbindung konnte nicht hergestellt werden..
Error - 07.07.2011 04:00:25 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 10:00:08 - Fehler beim Herstellen der Internetverbindung. 10:00:08
- Serververbindung konnte nicht hergestellt werden..
Error - 08.07.2011 05:24:03 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 12:24:03 - Fehler beim Herstellen der Internetverbindung. 12:24:03
- Serververbindung konnte nicht hergestellt werden..
Error - 08.07.2011 05:24:15 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 12:24:08 - Fehler beim Herstellen der Internetverbindung. 12:24:08
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2011 08:39:11 | Computer Name = BelalimB-PC | Source = MCUpdate | ID = 0
Description = 15:39:00 - Fehler beim Herstellen der Internetverbindung. 15:39:00
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 24.04.2011 09:07:52 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.05.2011 10:01:55 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2132
seconds with 540 seconds of active time. This session ended with a crash.
Error - 29.05.2011 04:13:17 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.06.2011 15:38:30 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.06.2011 19:49:25 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.06.2011 08:45:20 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.
Error - 14.09.2011 13:11:23 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 236
seconds with 60 seconds of active time. This session ended with a crash.
Error - 23.09.2011 16:46:14 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.09.2011 16:46:21 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.12.2011 16:40:29 | Computer Name = BelalimB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.02.2012 11:20:12 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 09.02.2012 11:20:19 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 10.02.2012 14:42:51 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 10.02.2012 14:42:58 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 08:13:37 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 08:13:45 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 08:30:21 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 08:30:29 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 13:09:07 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 11.02.2012 13:09:14 | Computer Name = BelalimB-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
< End of report >
|
|
12.02.2012, 15:11
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | [2x] Würmer und Trojaner wie entfernen? userinit.exe Du hast bereits ein Thema! => http://www.trojaner-board.de/109644-...urm-hilfe.html
__________________
__________________ |
| Themen zu [2x] Würmer und Trojaner wie entfernen? userinit.exe |
| 32 bit, adobe after effects, akamai, alternate, application/pdf, application/pdf:, bho, bonjour, converter, document, dsl, emsisoft, entfernen, error, eset smart security, excel.exe, firefox, flash player, hewlett packard, hijack, hijackthis, host.exe, intranet, kaspersky, lenovo, logfile, malwarebytes, microsoft office 2003, microsoft office word, mozilla thunderbird, mp3, ntdll.dll, office 2007, otl.exe, pixel, plug-in, realtek, registry, revo uninstaller, richtlinie, scan, security, security update, server, software, studio, super, taskhost.exe, tracker, trojan, trojaner, usb 2.0, version=1.0, virus bekämpfen, webcheck, wie entfernen, wie entfernen?, windows |
![[2x] Würmer und Trojaner wie entfernen? userinit.exe](iconimages/muelltonne/2x-wuermer-trojaner-entfernen-userinit-exe_ltr.gif)
Linear-Darstellung
