|
Log-Analyse und Auswertung: BKA Trojaner (Computer für Verletzung der BRD blockiert)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.09.2012, 15:11 | #1 |
| BKA Trojaner (Computer für Verletzung der BRD blockiert) Hallo liebe Tronjaner-Board-Community, leider musste ich heute feststellen, dass ich mir einen Virus eingehandelt habe, welcher meinen Rechner blockiert. Nach einigen Recherchen im Netz habe ich mir OTL heruntergeladen und beim betroffenen Rechner im Abgesicherten Modus den Scan-Lauf ausgeführt. Anbei habe ich die OTL.txt und die Extra.txt angehängt. OTL.txt Code:
ATTFilter OTL logfile created on: 13.09.2012 15:53:19 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Kevin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,53 Gb Available Physical Memory | 88,25% Memory free 8,00 Gb Paging File | 7,54 Gb Available in Paging File | 94,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 76,97 Gb Free Space | 16,52% Space Free | Partition Type: NTFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.13 15:37:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.09 11:56:22 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.04.24 18:13:03 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.07.07 15:59:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.07 13:04:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.02 00:39:22 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.10.08 11:24:48 | 000,145,224 | ---- | M] (H+H Software GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.22 19:10:38 | 000,054,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2007.12.17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.07.27 12:49:46 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (RealtekUSB) SRV - [2007.01.11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.07 15:59:04 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.07 15:59:04 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.26 13:18:57 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.06.26 13:18:52 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.04.16 17:35:55 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.08.24 11:45:12 | 000,220,696 | ---- | M] (H+H Software GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.09 11:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2007.11.19 16:00:00 | 000,339,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187) DRV:64bit: - [2007.04.23 14:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt) DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.04.14 03:21:50 | 000,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\Ntaccess.sys -- (WEBNTACCESS) DRV - [2008.02.15 16:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=stonicger&chnl=stonicger&cd=2XzutAtN2Y1L1QzutDzztDtDtByBtDtD0DzzyCzyyDyE0BzztN0D0TzutBtDtCtBtDyCtBtC&cr=1570030628 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6597E44C-B836-D831-0D24-628F0582E77C}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 4F DA 56 66 C4 CA 01 [binary data] IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{02DC4305-A99B-4317-BA21-EAD48D17ABFD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6597E44C-B836-D831-0D24-628F0582E77C}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..backup.old.browser.search.defaultenginename: "Claro Search" FF - prefs.js..backup.old.browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.search.order.1: "Claro Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\Kevin\AppData\Roaming\SenselessTV\ffextension [2012.08.23 14:20:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 11:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.09 11:56:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@Senseless.TV: C:\Users\Kevin\AppData\Roaming\SenselessTV\ffextension [2012.08.23 14:20:44 | 000,000,000 | ---D | M] [2011.10.18 16:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2012.09.13 15:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\cb4ctdu6.default\extensions [2012.09.09 11:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.09.09 11:56:22 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.03.15 20:13:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 18:43:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.15 20:13:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.15 20:13:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.15 20:13:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.15 20:13:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (SenselessTV Video Plugin) - {991D97B8-F0D8-4EA1-9100-7A65EA2D3A63} - C:\Users\Kevin\AppData\Roaming\SenselessTV\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [WLanConn] C:\Users\Kevin\AppData\Local\Microsoft\Windows\1522\WLanConn.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S7AED.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Steam] C:\Spiele\Steam\steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[S1].txt () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.6.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EECF1CF-D935-4D9D-A7FA-CE5B01A8E78A}: DhcpNameServer = 192.168.137.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFE6D807-23D7-4854-B046-D99A9E4861F5}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA02CB1F-9A31-46C8-ACDA-27873BBC7B67}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.13 15:51:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kevin\Desktop\esetsmartinstaller_enu.exe [2012.09.13 15:50:51 | 178,958,048 | ---- | C] (Emsisoft GmbH ) -- C:\Users\Kevin\Desktop\EmsisoftAntiMalwareSetup.exe [2012.09.13 15:50:51 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.09.13 15:50:50 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kevin\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.13 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\hellomoto [2012.09.13 13:37:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes [2012.09.13 13:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 13:11:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\FlashGet [2012.09.13 13:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet [2012.09.12 13:45:21 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 13:45:21 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.09 11:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.08.28 14:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.28 14:36:25 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.08.28 14:36:25 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.28 14:36:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.23 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\IClaro [2012.08.23 14:20:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SenselessTV [2012.08.15 18:36:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 18:36:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 18:36:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 18:36:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 18:36:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 18:36:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 18:36:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 18:36:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 18:36:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 18:36:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 18:36:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 18:36:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 18:36:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 17:03:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 17:03:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 17:03:45 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 17:03:43 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.13 15:48:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.13 15:48:04 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2012.09.13 15:44:52 | 178,958,048 | ---- | M] (Emsisoft GmbH ) -- C:\Users\Kevin\Desktop\EmsisoftAntiMalwareSetup.exe [2012.09.13 15:43:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kevin\Desktop\esetsmartinstaller_enu.exe [2012.09.13 15:37:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe [2012.09.13 13:47:38 | 000,512,399 | ---- | M] () -- C:\Users\Kevin\Desktop\adwcleaner.exe [2012.09.13 13:39:44 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.13 13:39:44 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.13 13:39:44 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.13 13:39:44 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.13 13:39:44 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.13 13:35:22 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kevin\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.13 10:04:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 10:04:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 14:36:12 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.28 14:36:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.08.28 14:36:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.08.28 14:36:11 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.28 14:36:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.28 14:36:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.26 01:59:05 | 000,034,386 | ---- | M] () -- C:\Users\Kevin\Desktop\Verlauf_B27.png [2012.08.23 16:38:13 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.16 13:42:38 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.13 15:50:51 | 000,512,399 | ---- | C] () -- C:\Users\Kevin\Desktop\adwcleaner.exe [2012.08.26 01:59:04 | 000,034,386 | ---- | C] () -- C:\Users\Kevin\Desktop\Verlauf_B27.png [2012.06.20 18:45:44 | 000,001,420 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.06.13 18:57:27 | 000,007,606 | ---- | C] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg [2011.06.06 12:29:17 | 000,020,878 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.04.21 16:53:18 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.12.16 02:04:37 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2010.11.15 22:48:06 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.11.10 20:08:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.07.22 20:29:11 | 000,007,168 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.28 19:00:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.15 14:13:30 | 000,000,355 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\burnaware.ini < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.09.2012 15:53:19 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Kevin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,53 Gb Available Physical Memory | 88,25% Memory free 8,00 Gb Paging File | 7,54 Gb Available in Paging File | 94,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 76,97 Gb Free Space | 16,52% Space Free | Partition Type: NTFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{074C15FE-479F-47E7-8B91-97AFA59370F1}" = rport=138 | protocol=17 | dir=out | app=system | "{0A6B08E7-43D2-41EB-82D7-E6E5D650FA61}" = rport=445 | protocol=6 | dir=out | app=system | "{0CBBE9CC-15B7-4654-BA58-396EEA8F4FB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{18348E6C-6B55-4896-8861-6746B3A6B9E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4225C2A1-3A9C-411F-9CE9-4FADA77C4B39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44BC9B2C-66EA-495B-B523-567476F75209}" = rport=139 | protocol=6 | dir=out | app=system | "{450CA678-071A-421A-8F2B-4D54B7408AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B06607E-ED5A-4888-A0F2-8A3BF9AB5D5D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DB31F18-5A05-4508-9D6D-C366E3FC10C5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{67CE3C11-2237-4DB7-B1C7-F38BC968D59A}" = lport=137 | protocol=17 | dir=in | app=system | "{850156C5-C002-43E6-A830-6A868F155FB9}" = lport=139 | protocol=6 | dir=in | app=system | "{87E2A490-FE2F-4964-A975-9570BCBEBD92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88431E5C-1B4E-4F53-AD3B-002F53205330}" = lport=138 | protocol=17 | dir=in | app=system | "{A97C9EDB-EAD7-4598-B1C1-89E25578BE8F}" = lport=2869 | protocol=6 | dir=in | app=system | "{AB019CC2-DA2B-40C7-840F-E602BBDEA174}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B0E4E055-10E2-4EE7-8A2B-D72F68EB252A}" = rport=10243 | protocol=6 | dir=out | app=system | "{BBBA49D2-24D1-4BF7-AA72-46C5EDAACF8D}" = rport=137 | protocol=17 | dir=out | app=system | "{BC2DCCA5-06E7-466F-90AF-E2D327BA37B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5FA1A17-C18C-4AC0-9E19-AFDF6BDB0936}" = lport=445 | protocol=6 | dir=in | app=system | "{DBDA6A8E-6545-4988-BCA4-495942D5FCF9}" = lport=10243 | protocol=6 | dir=in | app=system | "{EBC8044A-A3DA-4541-A33F-29FB32BE07AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F9331F1D-B79B-47B4-9001-46CB4EB7C5BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9C8484A-828F-4128-8B00-889F08F38758}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9FFD04C-F667-479C-978F-62ABA0B304B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E0B23A-9BAF-442F-98B2-AED8CC75192B}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\counter-strike\hl.exe | "{04CE7EB8-302D-4376-96A9-A19A8A0209E1}" = protocol=6 | dir=in | app=c:\spiele\earth 2160\earth2160_sse.exe | "{0581CD7E-D148-440E-ACF3-C0DB9CD9ADFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{08C2BF68-B828-42F4-94EA-5321992466E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{09BF5217-53CF-435A-8DEF-DCCC6A15F6C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D040318-20FB-4B67-A12E-37289AABCEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{0D36F587-505B-479D-A36F-095A55B344F2}" = protocol=6 | dir=in | app=c:\spiele\earth 2160\earth2160_no_sse.exe | "{0EC4E88A-937B-4473-B292-2F5843A69258}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0FCDF8E0-FF07-4480-B470-C7E6A46C90BC}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\counter-strike\hl.exe | "{11E5834B-7913-42A3-B407-426C7AA151BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{173107AD-9660-4F26-9529-F37CF8C8FD4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{173B5358-6A7F-4397-BA08-9A40DA42F48F}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\counter-strike\hl.exe | "{185C7326-51F0-4761-A556-998024AB295B}" = protocol=17 | dir=in | app=c:\spiele\earth 2160\earth2160_sse.exe | "{1A14E98C-1FFA-428E-8110-75A6431C8E13}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | "{1F1D11F4-86C9-481E-A7C1-7D01079D57F4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{20E389DE-68A5-4C13-91E7-CAC96AAA5C74}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{21C70DC7-550D-4921-BABD-3441D4D5D7E8}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{24DF60D2-4892-4D67-841D-F84DEDF0EB3F}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | "{257F69EA-3CC5-4561-AECE-5BB9F4E5E771}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2BD9689A-F833-40C6-B023-78A44AABDA8D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{30246481-71F9-45B4-84B8-CF2E71D816C1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{31AD4537-3881-4FD1-A574-280953D0E989}" = protocol=17 | dir=in | app=c:\spiele\earth 2160\earth2160_no_sse.exe | "{32503A57-8599-4741-8019-443FFD2A949C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\day of defeat\hl.exe | "{34EF1ABD-75A4-4F8B-BAAD-D34044339BF5}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{3D3DDF5A-0946-4F19-8E7F-3E15F63C871D}" = protocol=6 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "{43B0ECB5-F5DB-4E2E-ADD5-D4EDEAA9F67A}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | "{45192210-EAA5-45A1-A97B-A0B41BC99F8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{455B44E4-9CD6-4DA9-A90C-616B18C8A319}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{489924AB-BF75-415C-84FF-9A4DC4607EB7}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | "{4F534C09-93B8-4C97-B359-4395EABF86B9}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\condition zero\hl.exe | "{504198B4-3F8B-4DE2-9E6F-593637EC23B8}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | "{53CE7A10-0241-4271-AC28-CEB690E8CA02}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{57AD3335-F948-48C7-9355-BC4F831C83B0}" = protocol=17 | dir=in | app=c:\spiele\battlefield 2142\bf2142.exe | "{5950FF31-D3A1-4B89-ACDF-F22AAA8B4974}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\condition zero\hl.exe | "{60A293B9-046E-48B4-B660-46C0F0B0D9DA}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\day of defeat\hl.exe | "{61EC13EC-C950-466D-9298-471FB32225BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{639225CC-FD2A-451B-A95E-478C0CAE7759}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6854CE2B-9A35-4A06-A67F-1DCB5FBA382D}" = protocol=6 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2updater.exe | "{719E32E3-369C-42B7-B990-E22F0BB386FB}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | "{772AEB99-0706-4095-9A5F-A4259904AF8A}" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | "{7AA11614-9FA5-4A20-83D3-C19B0CA1E65B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{7AD6D9D9-3745-4DDA-8B0B-C0F659B275F3}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\condition zero\hl.exe | "{7ECF7038-20B4-4E63-A172-ADEEBC9187E2}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\frontlines-fuel of war\binaries\ffow.exe | "{8085C0D6-95EF-433D-BA69-61CEA15687FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{86640E1C-93B7-4ED6-879B-C949E8FDDDBF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8976E466-A3D3-48A1-A01D-093C011A7085}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8A18C523-C06E-4058-84E8-FE19C9CC5B33}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8C4B8BEE-E0D6-404A-B559-1E048A5E09A0}" = protocol=17 | dir=in | app=c:\spiele\unreal tournament 3 (lg)\binaries\ut3.exe | "{90BDA39F-14A4-432C-8357-AF26138BC429}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{95800A53-4BCE-4790-AF94-5AA6844877CB}" = protocol=17 | dir=in | app=c:\spiele\battlefield 2\bf2.exe | "{A29B2F49-8B64-4C59-86AE-B52362B1C216}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\counter-strike\hl.exe | "{A47CC36E-D616-40B6-9A1F-3BE3B89B9FFD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A6294FB3-AE72-4707-9FBF-10BA724B2793}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A83C4CB9-AFBB-4ADC-A7CE-924BDC16A6E6}" = protocol=17 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe | "{A9F98FD7-80F0-4047-8A1E-4CA29117D1A6}" = protocol=6 | dir=in | app=c:\spiele\battlefield 2142\bf2142.exe | "{AC6ED236-55F8-4995-A152-74F3B82A66F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AF69C0F4-217B-4B41-AA9E-14CB8C5E4809}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{C0D9C725-3D0F-4DA4-A766-8E3712C146DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C279A542-C6A1-4B61-9F8F-9A7B1AFAC808}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\misterperfekt\condition zero\hl.exe | "{D1DE6C77-5694-44BE-8963-1F07221FC0D7}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | "{D5197C8F-492E-4842-A797-114CC710D3CA}" = protocol=17 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2updater.exe | "{D5AACD06-23EF-467C-9B68-CC50A6F50440}" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | "{DBEF5D36-DDBA-4B16-9509-67D4814EA1C8}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{DC9ED2D7-0279-4C13-8E70-1E1FD55031D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DE803C88-8C3F-4412-9175-FCDBFA7BCC8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DECAB6A6-EACC-4BEA-BD61-98F26C872D7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E29E31AE-785E-4CF4-B357-90A138BDB7EE}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{E627F1C1-F96C-4035-8F25-4E3741BEDB05}" = protocol=6 | dir=out | app=system | "{E6A2A75F-6DD7-433C-BB08-D57447233897}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{E750B8C8-8BAF-429F-AEB1-6F7B0B0EF5FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F0B1ED01-94C1-4376-AD63-74A672ACB6C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F15AC469-EBD8-43B6-AFF8-A2FC0D8F03D1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\frontlines-fuel of war\binaries\ffow.exe | "{F3A644EB-158E-4A22-A107-3C581EE35338}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{F673EA53-8C68-4426-9C3E-BBFE5E6BF9B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F736BDE9-7D91-4BAE-A329-A7551F6273CC}" = protocol=6 | dir=in | app=c:\spiele\dragon age\daoriginslauncher.exe | "{FDB6D471-BC98-4640-96A4-31AF55988D68}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.72 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0FCA0973-24C0-48EA-8CF6-71B53C135C09}" = Microsoft Office Communicator 2007 "{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{486CC64F-030A-4C9A-8716-87E26D28FKQ3REDUX}_is1" = King's Quest III Redux: To Heir is Human (1.0) "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic "{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility "{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D18E9DB2-AC98-4399-8878-C1059403144D}" = Iminent "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components "{DBE82D80-AFFD-11D4-AD8F-006008BFFBC1}" = Skispringen Herausforderung 2001 "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1}_is1" = ArcaniA - Gothic 4 Patch "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AMP WinOFF" = AMP WinOFF "ArcaniA" = ArcaniA - Gothic 4 "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BurnAware Free_is1" = BurnAware Free 2.4.5 "Counter-Strike Source" = Counter-Strike Source "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special "Die Wiege Roms" = Die Wiege Roms "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "Dungeon Lords_is1" = Dungeon Lord (v1.4) "ENTERPRISER" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch "FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1 "Free CD to MP3 Converter" = Free CD to MP3 Converter "G3QP231012008_is1" = Questpaket 4 Update 1 Deinstallation "Gothic II" = Gothic II "Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben "Gothic-Patch 1.07c" = Gothic-Patch 1.07c "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.7 "Liveupdate4_is1" = Liveupdate4 "MKVtoolnix" = MKVtoolnix 4.4.0 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PartyPoker" = PartyPoker "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Schlag den Raab_is1" = Schlag den Raab "SearchCore for Browsers" = SearchCore for Browsers "Senseless.TV Video Plugin" = Senseless.TV Video Plugin 1.0 "SeriousSam2" = Serious Sam 2 "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "Steam App 60" = Ricochet "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "Steamless Team Fortress 2 Pack" = Steamless Team Fortress 2 Pack "Tales of Monkey Island" = Tales of Monkey Island "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Two Worlds II" = Two Worlds II "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.08.2012 10:07:06 | Computer Name = Kevin-PC | Source = Iminent | ID = 0 Description = Error - 30.08.2012 05:01:26 | Computer Name = Kevin-PC | Source = Iminent | ID = 0 Description = Error - 30.08.2012 05:02:46 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 10.0.1.59, Zeitstempel: 0x4dff1b26 Name des fehlerhaften Moduls: AVGIO.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4d5909e0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00b99b02 ID des fehlerhaften Prozesses: 0x6b8 Startzeit der fehlerhaften Anwendung: 0x01cd868de2a523f1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Pfad des fehlerhaften Moduls: AVGIO.DLL Berichtskennung: 76819cb6-f281-11e1-b929-08002700d869 Error - 02.09.2012 04:01:42 | Computer Name = Kevin-PC | Source = Iminent | ID = 0 Description = Error - 02.09.2012 05:38:56 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: vc10extse64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ac33e77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fef45789a8 ID des fehlerhaften Prozesses: 0x920 Startzeit der fehlerhaften Anwendung: 0x01cd88e10f7ba3b2 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: vc10extse64.dll Berichtskennung: 03a1ddc5-f4e2-11e1-b717-08002700d869 Error - 05.09.2012 09:02:31 | Computer Name = Kevin-PC | Source = Iminent | ID = 0 Description = Error - 09.09.2012 11:09:55 | Computer Name = Kevin-PC | Source = Iminent | ID = 0 Description = Error - 13.09.2012 09:06:34 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kevin\Desktop\Neuer Ordner\SoftonicDownloader_fuer_skat.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 13.09.2012 09:06:34 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kevin\Desktop\Neuer Ordner\SoftonicDownloader_fuer_ubuntu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 13.09.2012 09:46:25 | Computer Name = Kevin-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error - 13.09.2012 09:50:43 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "J:\Rechner_retten\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 13.09.2012 09:48:43 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:48:43 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:48:43 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:48:43 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:48:43 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:49:50 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005 Description = Error - 13.09.2012 09:50:37 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005 Description = Error - 13.09.2012 09:50:37 | Computer Name = Kevin-PC | Source = DCOM | ID = 10005 Description = Error - 13.09.2012 09:50:37 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.09.2012 09:55:54 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Mfg |
16.09.2012, 07:34 | #2 |
/// the machine /// TB-Ausbilder | BKA Trojaner (Computer für Verletzung der BRD blockiert) Hi,
__________________Sorry für die Verspätung. Brauchst Du immer noch Hilfe?
__________________ |
Themen zu BKA Trojaner (Computer für Verletzung der BRD blockiert) |
antivir, audacity, audiograbber, avira, bandoo, bho, blockiert, bonjour, claro, claro search, computer, emsisoft, error, excel, firefox, flash player, format, helper, install.exe, logfile, monkey island, mozilla, mp3, nvidia update, office 2007, plug-in, realtek, richtlinie, rundll, searchcore, security, software, svchost.exe, system error, teamspeak, trojaner, version., virtualbox, virus, windows |