
Log analysis and evaluation: Is the threat eliminated? Multiple Java exploits and Gataka trojan


09.10.2012, 20:03   #1
Der A
 



Hello Trojaner-Board members,

Operating system: Win7 64-bit
Antivirus: MSE
Firewall: Windows Firewall, with Windows 7 Firewall Control and a hardware firewall

A few days ago, while I was browsing the Internet, MSE reported that it had removed a threat and that no further action was necessary.
In the log I then saw that it had deleted a trojan named Gataka (which was hiding as googleupdate.exe in the user folder) and had quarantined a Java exploit. However, the timestamp of the alert kept being updated as long as Firefox was open – the Firefox profile was probably infected.
A new one was created and no new alerts appeared.

Nevertheless, two new Java exploits were reported to me before that: Exploit:Java/CVE-2010-0842.AZ and Exploit:Java/CVE-2011-3544.CG (unfortunately I no longer have the name of the first exploit).

Luckily I quickly found your board (I wish I had known it 10 years ago; I haven't had any experience with malware lately, but the one time I leave the Java plugin enabled after an advance VAT return (UStVa), something like this happens).

In general I have not noticed any changes to the system, except that Firefox was somewhat sluggish recently. I have now run the ESET Online Scanner, Emsisoft Anti-Malware and TDSSKiller, without any results. Only Emsisoft gave a Trojan False Alert (see logs below).

I have attached various logs; can one tell from them whether my system might still be infected?

OTL
Code:
OTL logfile created on: 09.10.2012 20:37:04 - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = E:\Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,84% Memory free
9,86 Gb Paging File | 7,36 Gb Available in Paging File | 74,64% Paging File free
Paging file location(s): c:\pagefile.sys 6000 7000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,97 Gb Total Space | 129,12 Gb Free Space | 44,07% Space Free | Partition Type: NTFS
Drive E: | 303,10 Gb Total Space | 115,64 Gb Free Space | 38,15% Space Free | Partition Type: NTFS
 
Computer Name: ALEXEJ-PC | User Name: Alexej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - E:\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
PRC - C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - E:\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
PRC - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Extensis a division of Celartem, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\1Password\js3215R.dll ()
MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\ExtensisToolbox-1031.dll ()
MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libxml2.2.6.24.dll ()
MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\iconv-1.9.2.dll ()
MOD - C:\Program Files (x86)\Extensis\Suitcase Fusion 3\libcharset.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Agile1Password) -- C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (wampmysqld) -- E:\Design\Web\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe ()
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wampapache) -- E:\Design\Web\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (Apache Software Foundation)
SRV - (Windows7FirewallService) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (EyeOneDisplay) -- C:\Windows\SysNative\drivers\i1display_x64.sys (GretagMacbeth LLC)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- E:\Tools\Tuning\Radeon Bios Editor\winflash\atillk64.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 63 28 8B 50 9E CD 01  [binary data]
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-277113493-306563280-2322027683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.04 18:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.16 19:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.05 20:31:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.25 18:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.11.05 02:06:14 | 000,000,000 | ---D | M] (No name found) -- E:\AppData\Roaming\Mozilla\Extensions
[2012.10.05 20:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = E:\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Google Update (Enabled) = E:\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: WOT = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.4_0\
CHR - Extension: YouTube = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Tampermonkey = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.6.2767_0\
CHR - Extension: AdBlock = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: 1Password = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.8.39899_0\
CHR - Extension: Stealthy = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Mein Chrome-Design = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\
CHR - Extension: Stylebot = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha\1.7_0\
CHR - Extension: Google Mail = E:\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.08.31 19:28:01 | 000,000,889 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [FMCore.exe] C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe (Extensis a division of Celartem, Inc.)
O4 - HKU\S-1-5-21-277113493-306563280-2322027683-1000..\Run: [Spotify Web Helper] E:\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\basICColor display4 VideoLUT Loader.lnk = C:\Program Files (x86)\basICColor Software\basICColor display 4.1\LUTLoader.exe (Color Solutions)
O4 - Startup: C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\ScreenManager Pro for LCD Ver3.3.0.lnk = C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604E0092-F9A6-4C99-A0DF-E9C78BCCFE48}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{640D48A4-6782-4B59-BAF3-CACF8D33A0E9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 23:22:30 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\SUPERAntiSpyware.com
[2012.10.08 23:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.10.08 23:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.10.08 23:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.10.07 23:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.07 23:30:33 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.07 23:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.07 23:21:45 | 000,000,000 | ---D | C] -- E:\AppData\Local\Secunia PSI
[2012.10.07 23:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.10.06 18:07:14 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Malwarebytes
[2012.10.06 18:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 18:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 18:06:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.06 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.06 17:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.05 21:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.10.05 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.10.05 21:08:03 | 000,000,000 | ---D | C] -- E:\Documents\Anti-Malware
[2012.10.05 19:54:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.05 19:54:34 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.04 00:18:08 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\QTTabBar
[2012.10.03 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.10.03 20:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.10.03 14:23:20 | 000,000,000 | ---D | C] -- E:\Documents\Guild Wars 2
[2012.09.29 17:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.09.26 20:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.09.26 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fraps
[2012.09.26 19:04:45 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 20:02:46 | 000,000,000 | ---D | C] -- E:\Documents\1Password
[2012.09.23 20:02:41 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Agile Web Solutions
[2012.09.23 20:01:58 | 002,371,584 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysWow64\ChilkatZip2.dll
[2012.09.23 20:01:58 | 001,572,864 | ---- | C] (Chilkat Software, Inc.) -- C:\Windows\SysWow64\ChilkatCrypt2.dll
[2012.09.23 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Password
[2012.09.23 20:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1Password
[2012.09.22 16:40:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 16:40:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 16:40:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 16:40:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 16:40:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 16:40:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 16:40:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 16:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 16:40:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 16:40:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 16:40:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 16:40:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 16:40:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 16:40:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 16:40:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.18 16:21:21 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.09.14 23:15:14 | 000,000,000 | ---D | C] -- E:\Documents\My Received Files
[2012.09.14 17:21:45 | 000,000,000 | ---D | C] -- E:\AppData\Local\Spotify
[2012.09.14 17:21:14 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\Spotify
[2012.09.14 17:14:39 | 000,000,000 | ---D | C] -- E:\AppData\Local\NuGet
[2012.09.12 20:31:56 | 000,000,000 | ---D | C] -- E:\AppData\Roaming\NuGet
[2012.09.12 20:12:27 | 000,000,000 | ---D | C] -- C:\Chocolatey
[2012.09.12 19:30:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 19:30:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 19:30:14 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 19:30:14 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 20:14:32 | 000,028,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:14:32 | 000,028,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:13:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 20:13:54 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 20:13:54 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 20:13:54 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 20:13:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 20:09:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 20:09:09 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 01:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 01:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-277113493-306563280-2322027683-1000UA.job
[2012.10.08 23:49:09 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-277113493-306563280-2322027683-1000Core.job
[2012.10.08 21:22:53 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.08 21:22:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.07 23:30:33 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.07 23:28:57 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.05 19:54:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.05 19:54:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.05 19:54:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.05 19:54:27 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.05 19:54:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.05 19:54:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.05 19:42:23 | 000,007,654 | ---- | M] () -- E:\AppData\Local\resmon.resmoncfg
[2012.10.03 20:01:44 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.10.02 22:55:57 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 19:23:46 | 005,123,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.26 22:38:58 | 000,011,776 | ---- | M] () -- E:\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.25 22:36:45 | 000,001,146 | ---- | M] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.22 17:07:51 | 000,001,456 | ---- | M] () -- E:\AppData\Local\Adobe Für Web speichern 13.0 Prefs
 
========== Files Created - No Company Name ==========
 
[2012.10.07 23:28:57 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.10.07 23:28:57 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.10.07 23:21:41 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.10.03 20:01:44 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.09.28 19:01:54 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012.09.25 22:36:45 | 000,001,146 | ---- | C] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.22 15:44:32 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012.09.14 17:21:44 | 000,001,840 | ---- | C] () -- E:\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.08.28 18:46:12 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.06.20 00:13:51 | 000,001,456 | ---- | C] () -- E:\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.06.12 19:17:17 | 000,011,776 | ---- | C] () -- E:\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.21 18:20:03 | 000,001,264 | RHS- | C] () -- C:\Users\Alexej\ntuser.pol
[2012.03.28 01:04:48 | 000,007,654 | ---- | C] () -- E:\AppData\Local\resmon.resmoncfg
[2012.01.26 20:48:44 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.24 20:37:57 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.13 18:07:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011.12.27 23:15:21 | 000,000,132 | ---- | C] () -- E:\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.11.13 16:57:08 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.11.13 16:57:00 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.11.13 16:57:00 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.11.08 00:46:33 | 000,000,010 | ---- | C] () -- C:\ProgramData\.93067BD7-6BGG-312E-86F3-566EB31BBC4E
[2011.11.08 00:46:33 | 000,000,010 | ---- | C] () -- E:\AppData\Local\.56C369H5-8CEH-20F1-75G2-452FC2FCCD50
[2011.11.04 23:28:20 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.04 20:49:54 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.04 20:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.23 08:56:16 | 004,738,560 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.09.25 18:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.12 17:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.01.04 15:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.01 19:47:26 | 000,001,456 | ---- | C] () -- E:\AppData\Local\Adobe Für Web speichern 12.0 Prefs
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras
Code:
OTL Extras logfile created on: 09.10.2012 20:37:04 - Run 3
OTL by OldTimer - Version 3.2.70.2     Folder = E:\Tools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,84% Memory free
9,86 Gb Paging File | 7,36 Gb Available in Paging File | 74,64% Paging File free
Paging file location(s): c:\pagefile.sys 6000 7000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,97 Gb Total Space | 129,12 Gb Free Space | 44,07% Space Free | Partition Type: NTFS
Drive E: | 303,10 Gb Total Space | 115,64 Gb Free Space | 38,15% Space Free | Partition Type: NTFS
 
Computer Name: ALEXEJ-PC | User Name: Alexej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F05E34-31FF-45A9-BF3E-99A8F8886E74}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0AF7A603-D4F4-425B-B94D-0069D63BECFA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1C963316-AA01-4430-8A17-C0903CA5F822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26230D9A-AA5C-47DB-894A-886D8B470951}" = rport=137 | protocol=17 | dir=out | app=system | 
"{39D3CAFD-0986-4922-98CE-CDE843AAA449}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C81A738-B69A-4609-A66C-7D40FBD0597D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{40D710D6-52EE-40C6-9236-87A7871C71B1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6B1E33FC-382F-4660-A0CA-2D98707D56A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{782046AA-BD34-48B2-B3B7-37D19F79BA68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A2EF394-6142-45B5-9AFD-4C1575E09886}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9D43EB7C-33C5-44A1-845C-F5FDD22DB248}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B407FCBA-1F9E-480D-B4D7-1A5305769ABC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B4D44AA1-79FE-4C52-9D0D-DC722E40880A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B8358A18-4A74-43EC-8D70-BD1FC39E08D5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF5C0903-803B-4D38-9948-5E80F8AF37DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF012D16-D58F-43B4-8FF0-590E0014E944}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3C731CF-5A6B-402C-B711-9DC57350FDD5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E4EBC0C1-BC84-4EC2-A52B-0E056D1293CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8AFB130-AFBE-4144-A773-0FB45833C11C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F09FD322-27DD-49BC-99E9-7FDF146AC18E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FD6FAE7A-B6F2-4701-B61E-51871D7B6778}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012400B3-D07E-43FF-A3A2-F0CE1F208AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{02447779-50AD-4B70-B064-FB6CA8D30C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08834A61-506E-4680-B5F5-3CC60B14F1D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{0D0A05CC-BAA7-4038-A6D2-1BD4131659DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1B7663C6-8D97-411F-80A6-9A2D0CB97BE3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1DE3B6DE-CC1F-40D7-A7D4-A795F86AD09C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1FC71E2C-26B4-46FF-8951-19EF20BEA04F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23D77C7C-BA2A-4E04-B58B-8FCE20ED4712}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2936F37C-39DB-4216-9F8D-77C016F916AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{36ACC59C-3414-49AB-BD06-ABFAC50D36B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A27F700-044C-4A82-85F2-75E2F9D326AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F3430AE-FA01-46D5-9E01-51D0ACEA28D7}" = protocol=6 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4BC18EF0-AF54-401E-9210-D6163FE40439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B069FB0-6C39-4C30-AF64-4FD8BA66A87C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C28AEBB-5782-4562-9933-3AEC436DBB08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6440B556-87F6-45B4-83FB-FE0E7E5BEF11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6848DDC1-6FE5-451C-9A85-291C1A447F49}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7A24FCC7-6B1D-42B4-886C-D4AB9164EAE4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{875C2BDE-F633-429F-BC21-591026E47B8A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AD350DC-E411-4F51-B989-B4621AB23F61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C696730-5124-44B1-BDF6-4E858CEB589D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8E33A0F5-3571-4D78-8A2F-44472C40482A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EE424FD-6425-4F2F-897F-3BE553A1E1ED}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9260A74C-166B-4B6F-9B25-648A3FD6CCB8}" = protocol=6 | dir=out | app=system | 
"{9AB05F74-F714-413F-BCF0-AC964C00A087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{9C27E89D-DB9B-4A05-9017-DA1DD081EE13}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9EE80AB3-B918-46E1-86B8-A7D0F2CFF6C1}" = protocol=17 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AD5DE146-4408-4D98-A3C5-F38E220912A6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3A8261F-F732-46C7-9B37-887B215F2045}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BA0B5BEC-ABB8-4771-AADE-C12B2F0C10F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BC06FC15-51D4-4899-955E-320E25F64639}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC64EED0-3FAD-46ED-9718-3F5160341AA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BD365CED-3369-4ECC-90AD-F243DB52B692}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDE53C72-4A67-45A9-BF2C-7EF072173C24}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BE027EA0-C75D-42E1-8C6B-3BBDE992C942}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C33E1405-7D92-4C00-A4CE-852665D54DAD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C4036A9C-A86E-4305-BE4C-0E90625FECA0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{CB09767A-C30C-4ED6-8AA3-6781C019A260}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F4560B69-FD96-43CB-AC5D-3FA075346DA4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7E152CC-9702-432F-B273-EFF7DA1D657A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F97EFA76-1499-49FD-905A-C1AEEFF0CC73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FADF99D0-69A0-4CFA-A18C-9C197C228CB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FC14C0E5-B74C-477D-8A60-021016D8EC81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF74CD61-71F1-4BC5-806A-79501EAA70A2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0320E995-1833-428B-BB1F-DB512FCF1A09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{11BAAE94-5226-47E1-8ABB-EFE34933AC3E}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe | 
"TCP Query User{20CF0B86-3D48-4ADF-B8B6-AFC2230FEBD2}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{2ADFDED0-77E4-4711-90D2-1D1F6D1287BB}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{4FCAF3F8-C4C3-4C86-A543-7C0B9DE38B27}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{676ABCE0-B5D0-469B-8AE2-434ED17E28B1}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{8E74AA42-F6B7-43DE-A0B2-2C1FAF0BA56C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{924D5A61-1557-4435-ABF7-C1BB30D4375C}C:\program files\sublime text 2\sublime_text.exe" = protocol=6 | dir=in | app=c:\program files\sublime text 2\sublime_text.exe | 
"TCP Query User{9EB2403F-99EA-43A1-A9E0-9C6BE4BDD0CB}C:\program files\java\jre7\launch4j-tmp\fire-app.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\fire-app.exe | 
"TCP Query User{B755F6A7-0C64-4B0E-A42B-B4119409BC31}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B86DA915-3243-4994-9B91-E4D756F3A93F}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{C1253740-5FA3-4E84-95BF-39076D311086}E:\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{CA1E147F-238B-4D52-B15F-D10554606268}E:\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=e:\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{DB9E69CF-B533-4A50-A441-10F541F92FCC}E:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=e:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe | 
"TCP Query User{F5C882DF-191C-4DBE-B66E-41240F40BC74}C:\users\alexej\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexej\appdata\local\temp\gw2.exe | 
"TCP Query User{FB7AF3CA-6C65-466F-A6AD-D1E6AC53B143}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{195964C5-A588-4E02-9242-DA6138B7CCCC}C:\program files (x86)\adobe\adobe flash cs6\flash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash cs6\flash.exe | 
"UDP Query User{4BBB4E10-93C6-432D-AE1A-6DB86E7C39F6}C:\program files\sublime text 2\sublime_text.exe" = protocol=17 | dir=in | app=c:\program files\sublime text 2\sublime_text.exe | 
"UDP Query User{668CA28B-5690-4624-BEB5-40D15BCF93A0}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{75E7BB40-AECD-48A4-A847-44C769059BF3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{84DAF44C-3561-456A-86E7-878FC4A3249C}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{8EC0486E-E60D-4BFE-9D86-08A02BC193C0}E:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=e:\design\web\wamp\bin\apache\apache2.2.21\bin\httpd.exe | 
"UDP Query User{A44CAEC3-CF83-4253-90D8-AB5A21CD697B}C:\program files\java\jre7\launch4j-tmp\fire-app.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\fire-app.exe | 
"UDP Query User{C6C69E19-91CD-4820-A992-825F3BDCB890}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{CA824DCE-F95E-495F-B744-EFA4BC0596DF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{E49DB278-8C13-4A3D-84EB-C4DF14ACCDB0}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{EB8CCEFD-373C-411C-A8D7-697865D6B763}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{ECDF9493-9DC8-4B68-9916-D70FE9330F87}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{F88D2BBF-93D7-44A0-A626-E404F6D5BDB7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{FAEF02D7-3E08-460B-A597-4EA6636E8EC5}C:\users\alexej\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexej\appdata\local\temp\gw2.exe | 
"UDP Query User{FDA41DC9-3479-4CD1-AFBD-2B78F65EDFCF}E:\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=e:\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{FECEB64F-BEC4-4B51-81E8-A400694A8C19}E:\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=e:\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF1445AC-106C-4A8F-B344-11870D57413C}" = Node.js
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SP6" = Logitech SetPoint 6.32
"Sublime Text 2_is1" = Sublime Text 2.0.1
"TeraCopy_is1" = TeraCopy 2.27
"Unlocker" = Unlocker 1.9.1-x64
"Wacom Tablet Driver" = Wacom Tablett
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.21.93
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"x64 Components_is1" = x64 Components v3.2.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.0
"{24BAF91E-4A03-455C-88F7-BF2457F98347}_is1" = basICColor display 4.1.20
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{7EDF4F60-E41A-4D55-8400-A633443C0065}" = QTTabBar 1.5.0.0 Beta 2
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = Catalyst Control Center
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AD0F13E2-0554-454C-83AD-0D19291FE924}" = Extensis Suitcase Fusion 3
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DDDE93-4AA2-3116-3985-57CCFF4F804C}" = Adobe® Content Viewer
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"1Password_is1" = 1Password 1.0.9.299
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"Android SDK Tools" = Android SDK Tools
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps
"GalaxyNexusToolKit740" = Galaxy Nexus ToolKit
"Guild Wars 2" = Guild Wars 2
"i1_driver_installer_utility_is1" = i1_driver_installer_utility version 1.0
"i1_driver_installer_wizard_is1" = i1_driver_installer_wizard version 1.0
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Miranda IM" = Miranda IM 0.10.2
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Mp3tag" = Mp3tag v2.49a
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WampServer 2_is1" = WampServer 2.2
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-277113493-306563280-2322027683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2012 10:20:31 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c30    Startzeit: 
01cd9666fd9734a7    Endzeit: 40    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 298e3dcc-0265-11e2-b133-0023542a21ba  
 
Error - 19.09.2012 12:46:49 | Computer Name = Alexej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_wcncsvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c96e  Ausnahmecode: 0xc0020043  Fehleroffset: 0x000000000008a973
ID
 des fehlerhaften Prozesses: 0x12b4  Startzeit der fehlerhaften Anwendung: 0x01cd968469bf2f66
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: 9ac51fb3-0279-11e2-971b-0023542a21ba
 
Error - 26.09.2012 12:55:05 | Computer Name = Alexej-PC | Source = TabletServiceWacom | ID = 1
Description = 
 
Error - 29.09.2012 10:42:31 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 63c    Startzeit: 01cd9e508a603168    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 29.09.2012 11:39:07 | Computer Name = Alexej-PC | Source = VSS | ID = 22
Description = 
 
Error - 29.09.2012 11:39:07 | Computer Name = Alexej-PC | Source = VSS | ID = 8193
Description = 
 
Error - 03.10.2012 14:18:41 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f3c    Startzeit: 
01cda192155717a8    Endzeit: 35    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 befeda8f-0d86-11e2-81e1-0023542a21ba  
 
Error - 05.10.2012 14:18:18 | Computer Name = Alexej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ecc    Startzeit: 
01cda325aea20bad    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 05a5a09c-0f19-11e2-b7f1-0023542a21ba  
 
Error - 06.10.2012 11:55:50 | Computer Name = Alexej-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 07.10.2012 09:31:35 | Computer Name = Alexej-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 25.04.2012 12:20:48 | Computer Name = Alexej-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

	Feature:
 %%835     Error Code: 0x80004005     Error description: Unbekannter Fehler      Reason: %%842
 
Error - 02.05.2012 16:45:18 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 02.05.2012 16:45:19 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 02.05.2012 16:45:19 | Computer Name = Alexej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 06.05.2012 12:50:10 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2012 12:50:10 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  CSC  DfsC  discache  MpFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt  Wanarpv6
WfpLwf
 
Error - 06.05.2012 12:52:47 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 06.05.2012 12:52:47 | Computer Name = Alexej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  CSC  DfsC  discache  MpFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt  Wanarpv6
WfpLwf
 
Error - 07.05.2012 12:59:30 | Computer Name = Alexej-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.125.1266.0     Update Source: %%859     Update Stage:
 %%854     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8304.0     Error
 code: 0x8024001e     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 16.05.2012 13:45:24 | Computer Name = Alexej-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{604E0092-F9A6-4C99-A0DF-E9C78BCCFE48} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
 
< End of report >
         
And here are two more old MBAM logs
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexej :: ALEXEJ-PC [Administrator]

06.10.2012 20:02:08
mbam-log-2012-10-06 (20-02-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234377
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Alexej\AppData\Local\Temp\NODBC0D.tmp (Trojan.FakeAlert) -> 2072 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alexej\AppData\Local\Temp\NODBC0D.tmp (Trojan.FakeAlert) -> Löschen bei Neustart.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexej :: ALEXEJ-PC [Administrator]

06.10.2012 20:23:26
mbam-log-2012-10-06 (20-23-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234164
Laufzeit: 12 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Thanks in advance for any help!

Alt 10.10.2012, 08:44   #2
Psychotic
/// Malwareteam
 



Please download CKScanner. Important: save the file to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open CKFiles.txt on your desktop and post its contents here.

Alt 10.10.2012, 20:46   #3
Der A
 



Hello,
thanks for the reply.
Here is the result:

Code:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\jdownloader\jd\plugins\hoster\crackedcom.class
scanner sequence 3.LB.11.BTNAEX
 ----- EOF -----
         

Alt 11.10.2012, 06:30   #4
Psychotic
/// Malwareteam
 



Quote:
C:\Windows\AutoKMS
c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm



Merely visiting sites that offer these files for download carries a high risk of infection.

When you start the crack, you are starting an executable file from a very dubious source. The source code of the file can contain anything (e.g. downloading and executing malware files).
This is one of the main causes of infections.

Furthermore, cracks, keygens, etc. are illegal, and that is theft just as in a shop.
That is why we have agreed on the following:

If we find indications of illegally acquired software, we will end support without any discussion.

Therefore our help for you is limited to instructions for reinstalling and securing the system.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on working days!
Requests via PM will be ignored!

Alt 11.10.2012, 07:59   #5
Der A
 



Dear Psychotic,

my girlfriend also uses the computer now and then (more often in the past than now), and if I looked it up correctly on Google, KMS has something to do with Office, which she installed on my machine about a year ago as a trial version (according to her), because she apparently needed it for university … Since I don't use it, I have no idea whether it really was a trial version.

Dreamweaver cannot be cracked at all, because I had to buy it for work (together with the entire Master Collection); if you want, I can even send you the purchase receipt for it.

So I would be very grateful if you would continue to help me and not condemn me straight away

