
Log analysis and evaluation: Removing the GVU Trojan


 
02.12.2012, 12:31   #1
kobo1337
 

Removing the GVU Trojan



Hello,
I had the GVU Trojan on my PC and would now like to remove it completely. So far I have used the DE Cleaner rescue CD and have now run Anti-Malware and OTL. I would be glad if someone could help me!
Here are the logs I created.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Horst :: HORST-PC [Administrator]

02.12.2012 10:07:33
mbam-log-2012-12-02 (11-58-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426370
Laufzeit: 1 Stunde(n), 10 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Horst\AppData\Local\Temp\36B.tmp.vir (Trojan.LameShield) -> Keine Aktion durchgeführt.
C:\Users\Horst\AppData\Local\Temp\wgsdgsdgdsgsd.exe.vir (Trojan.Reveton) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
OTL logfile created on: 02.12.2012 12:05:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,27% Memory free
3,86 Gb Paging File | 2,64 Gb Available in Paging File | 68,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 228,99 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive D: | 7,50 Gb Total Space | 7,50 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Horst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE:64bit: - HKLM\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE - HKLM\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes,DefaultScope = {AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes\{0CC9AA1B-87B4-4D47-87DE-FEF1B1843D1B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D7033690-3B8B-405D-AC81-39C941C0F474&apn_sauid=D51C4290-F525-4DFD-BB11-9A6CCF6EE5C9
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\SearchScopes\{AAE0BF8C-A05A-4BF1-BD4C-DFF0C4ADD47B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B271A3CF5-5A54-447B-A08F-BE805F0DA60A%7D:3.3.23.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.25 17:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 18:42:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.25 17:21:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 18:42:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.29 18:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions
[2012.06.29 18:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.25 18:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\jv3q9ptg.default\extensions
[2012.02.20 10:36:58 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\jv3q9ptg.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2012.11.25 18:41:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\firefox\profiles\jv3q9ptg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.15 15:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.25 17:21:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.25 17:21:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.25 17:21:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.25 17:21:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.25 17:21:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.25 17:21:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.25 17:21:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2739802824-2353730146-784405382-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03D0A12F-8EE4-47AD-9537-B1FD82F5887E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B16D55-67A1-4C0C-8B93-DF0D050059B6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.12.02 12:03:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2012.12.02 10:04:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes
[2012.12.02 10:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 10:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 10:03:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.02 10:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.01 21:05:12 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Fables
[2012.12.01 21:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Fables
[2012.11.29 19:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CodedColor Common
[2012.11.29 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AIDAsol Designer
[2012.11.29 19:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIDAsol Designer
[2012.11.25 17:26:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012.11.25 17:26:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012.11.25 17:26:26 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.21 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Horst\Desktop\2012-11 (Nov)
[2012.11.20 18:53:10 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Farm Mania 2.1
[2012.11.16 19:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\The Revills Games
[2012.11.14 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\SulusGames
[2012.11.14 12:47:46 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 12:47:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012.11.14 12:41:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.11.14 12:41:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.11.14 12:41:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.11.14 12:41:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.11.14 12:41:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.11.14 12:41:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.11.14 12:41:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.11.14 12:41:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.11.14 12:41:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.11.14 12:41:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.11.14 12:41:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.11.14 12:41:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.11.14 12:41:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.11.14 12:41:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.11.14 12:41:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.11.14 12:36:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012.11.14 12:36:36 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 12:36:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012.11.14 12:36:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012.11.14 12:03:38 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.11.14 12:03:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.11.14 12:03:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012.11.14 12:03:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.11.14 12:03:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.11.14 12:03:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012.11.14 12:03:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.11.14 12:03:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.11.14 12:03:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.11.14 12:03:15 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012.11.14 12:03:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012.11.13 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TheLostIncaProphecy
[2012.11.10 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Local\Big Fish Games
[2012.11.05 20:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
[2012.11.05 19:54:08 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Total Eclipse
[2012.11.05 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\DivoGames
[2012.11.03 18:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.30 18:17:07 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\PeaceCraft3
[2012.10.18 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Rainbow
[2012.10.18 11:09:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.18 11:09:35 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.18 11:09:35 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.18 11:09:25 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.18 11:09:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.18 11:09:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.18 11:09:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.18 11:09:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.18 11:09:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.18 11:09:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.18 11:09:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.18 11:09:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.18 11:09:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.18 11:09:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.18 11:09:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.18 11:09:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.18 11:09:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.18 11:09:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.18 11:09:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.18 11:09:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.18 11:09:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.18 11:09:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.18 11:09:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.18 11:09:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.18 11:09:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.18 11:06:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.18 11:06:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.09 11:35:15 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 09:14:40 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\LegacyGames
 
========== Files - Modified Within 60 Days ==========
 
[2012.12.02 12:07:50 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 12:07:50 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.02 12:03:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Desktop\OTL.exe
[2012.12.02 12:00:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.02 12:00:06 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.02 11:57:56 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.01 21:12:23 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.12.01 21:06:03 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Farm Fables.lnk
[2012.11.29 19:35:12 | 000,001,135 | ---- | M] () -- C:\Users\Horst\Desktop\AIDAsol Designer.lnk
[2012.11.25 17:28:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.11.25 17:28:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.23 18:52:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.14 12:55:24 | 000,342,184 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.11.14 12:49:37 | 001,524,478 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.11.14 12:49:37 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.11.14 12:49:37 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.11.14 12:49:37 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.11.14 12:49:37 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.10.09 19:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012.10.09 19:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012.10.09 11:35:15 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 12:31:03 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.10.08 12:22:55 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.10.08 12:22:17 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.10.08 12:18:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.10.08 12:17:35 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.10.08 12:17:26 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.10.08 12:15:59 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.10.08 12:13:54 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.10.08 12:09:39 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.10.08 08:47:44 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.10.08 08:46:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.10.08 08:44:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.10.08 08:43:05 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.10.08 08:41:19 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.10.08 08:37:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.10.03 18:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012.10.03 18:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012.10.03 18:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.01 21:06:03 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Farm Fables.lnk
[2012.12.01 21:06:03 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2012.11.29 19:35:12 | 000,001,135 | ---- | C] () -- C:\Users\Horst\Desktop\AIDAsol Designer.lnk
[2012.11.22 14:06:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.14 12:47:48 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 12:36:35 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011.09.09 16:25:19 | 000,219,057 | ---- | C] () -- C:\windows\hpoins47.dat
[2011.09.09 16:25:19 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl47.dat
[2011.09.07 14:49:46 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2739802824-2353730146-784405382-1000\$54bf92e386dd1c8acf3ec9422b942e1f\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$54bf92e386dd1c8acf3ec9422b942e1f\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 961 bytes -> C:\Users\Horst\Documents\Willkommen bei Lohnsteuer-kompakt.eml:OECustomProperty
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:EAF954B6
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:706B1D1A
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:C0A9B815
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:99A29126
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:43C9D140
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:F7FFE8AF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:639BB5E9
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:391535F9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F2327E82
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2D3CB929
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:10873493
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:04ADB7A6
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:2ABB51D4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:8DD36B71
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D696AA12
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:A6B07419
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:5CE65446
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:571CCF8E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FD786DCA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:30E0D641
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:2B856118
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7EABF26C
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7D288858
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:436BE28C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C6D0ABC3
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A10E88DE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DE892EFB
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B790962B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CF728A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:6D192E3A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3487C53E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EDE28CFC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1709732A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EB68CA55
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5E707762
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:4EE323A4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2E45FA8F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D3331ADB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:902C848D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B88DC997
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:85376176
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:1E942FB9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:1B47CB83
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:07D64CD9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9C337CCE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ED2998F5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8C12CFCD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:27F44544
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0C65EA0E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A2B3764A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8AC20936
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:60AC3BC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:58A2C544
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3C6860C5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D01ACC06
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:512336B9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B36361EE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:97AAB7F2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F9C8A89
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3C4BD225
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0C9CD455
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6DDFD746
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1297FF3C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:ECC979BD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAF8DAC8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7E4E56EA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2D1AE3BE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CD6DF7CC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C43BFB01
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A8725EB5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A1D3FEF0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD36C4B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6F0C95A1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F2BA92F7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BB6ECE53
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EF0D9BBA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AE2EA3C2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:627B7F7C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:217A2A36
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CA8D6B60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4C49306C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B285A50E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:66FC2E6F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EB4FEEF5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C3AD9507
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:553056F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:32FFF2D1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC2E567F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:329BA65B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0AE2C68F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:BF6C81B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:5E24C78B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FE66A7BB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D2249B7E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1A4BF204
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F2AF86D9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:96AFAB10
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:41289DF0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:538A9F02
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:339562A6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1CE87230
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:28DB0DC4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1A8BB29B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9E4F05ED
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:0778CBF2
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:D1713795
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B91EDB04
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9C8D5426
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:880F0FEF

< End of report >
         
Code:
OTL Extras logfile created on: 02.12.2012 12:05:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,27% Memory free
3,86 Gb Paging File | 2,64 Gb Available in Paging File | 68,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,79 Gb Total Space | 228,99 Gb Free Space | 81,55% Space Free | Partition Type: NTFS
Drive D: | 7,50 Gb Total Space | 7,50 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 1,99 Gb Total Space | 1,99 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2739802824-2353730146-784405382-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Horst\Desktop\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69391456-8152-8734-9500-810313212870}" = Garten Panik
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9336255-6BBB-4B38-9F98-E85988BF99CA}" = DDBAC
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aida_sol_is1" = AIDAsol Designer 3.6.2
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-Around the World in 80 Days" = Around the World in 80 Days
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFGC" = Big Fish Games: Game Manager
"BFG-Call of Atlantis" = Call of Atlantis
"BFG-DragonStone" = DragonStone
"BFG-Drawn - Flucht aus der Dunkelheit Sammleredition" = Drawn: &reg; Flucht aus der Dunkelheit Sammleredition
"BFG-Echoes of the Past - Das Schloss der Schatten Sammleredition" = Echoes of the Past: Das Schloss der Schatten Sammleredition
"BFG-Escape the Museum" = Escape the Museum
"BFG-Farm Fables" = Farm Fables
"BFG-Jewel Quest III" = Jewel Quest III
"BFG-Reincarnations - Enthuelle das Gestern" = Reincarnations: Enthülle das Gestern
"BFG-The Return of Monte Cristo" = The Return of Monte Cristo
"BFG-Twisted Lands - Die Schattenstadt - Sammleredition" = Twisted Lands: Die Schattenstadt - Sammleredition
"DB Screensaver 02" = DB Screensaver 02
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farmscapes_is1" = Farmscapes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 14:21:22 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: zengems.exe, Version: 0.0.0.0, Zeitstempel:
 0x48052690  Name des fehlerhaften Moduls: zengems.exe, Version: 0.0.0.0, Zeitstempel:
 0x48052690  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006137  ID des fehlerhaften Prozesses:
 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cd6b531e20f861  Pfad der fehlerhaften
 Anwendung: C:\BIG\ZenGems\zengems.exe  Pfad des fehlerhaften Moduls: C:\BIG\ZenGems\zengems.exe
Berichtskennung:
 b34fee51-d74e-11e1-ab49-6431507f4509
 
Error - 08.08.2012 07:20:06 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe, Version: 
0.0.0.0, Zeitstempel: 0x4e670f26  Name des fehlerhaften Moduls: QtCore4.dll, Version:
 4.7.1.0, Zeitstempel: 0x4e5e4c6b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00020f28
ID
 des fehlerhaften Prozesses: 0xffc  Startzeit der fehlerhaften Anwendung: 0x01cd7557b3ed1f3f
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein
 CEWE FOTOBUCH.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\CEWE COLOR\Mein
 CEWE FOTOBUCH\QtCore4.dll  Berichtskennung: 01022140-e14b-11e1-9fc8-6431507f4509
 
Error - 08.08.2012 12:02:59 | Computer Name = Horst-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c30    Startzeit: 
01cd757f1b694767    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 7e98686a-e172-11e1-b0fe-6431507f4509  
 
Error - 29.08.2012 14:50:42 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xcc0  Startzeit der fehlerhaften Anwendung: 0x01cd8617272d0d4b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 6eb98d8e-f20a-11e1-9ac6-6431507f4509
 
Error - 30.08.2012 10:15:54 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 36B.tmp, Version: 0.0.0.0, Zeitstempel:
 0x4fff7bd7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f7da  ID des fehlerhaften Prozesses:
 0xb40  Startzeit der fehlerhaften Anwendung: 0x01cd86b9f6f05091  Pfad der fehlerhaften
 Anwendung: C:\Users\Horst\AppData\Local\Temp\36B.tmp  Pfad des fehlerhaften Moduls:
 C:\windows\SysWOW64\ntdll.dll  Berichtskennung: 356965d9-f2ad-11e1-a8b4-6431507f4509
 
Error - 07.09.2012 07:07:02 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xc6c  Startzeit der fehlerhaften Anwendung: 0x01cd8ce8e2d6454f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 26208f54-f8dc-11e1-b682-6431507f4509
 
Error - 08.10.2012 11:04:27 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xd80  Startzeit der fehlerhaften Anwendung: 0x01cda5308d79cb98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 73dba4cd-1159-11e2-89ab-6431507f4509
 
Error - 10.10.2012 13:38:57 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
 Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xc74  Startzeit der fehlerhaften Anwendung: 0x01cda70e1b960292  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: 5dfe29de-1301-11e2-89c6-6431507f4509
 
Error - 18.10.2012 05:58:38 | Computer Name = Horst-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 18.10.2012 11:13:24 | Computer Name = Horst-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 02.12.2012 04:54:50 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 02.12.2012 05:05:38 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 02.12.2012 05:05:38 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:00:19 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 02.12.2012 07:00:21 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:00:22 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 02.12.2012 07:00:22 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 02.12.2012 07:02:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 02.12.2012 07:02:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 02.12.2012 07:02:48 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >
         

 
