| |
| |||||||
Alles rund um Windows: Windows 7: Trojaner; InternetsicherheitseinstellungenWindows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
 |
26.10.2010, 11:19
| #1 |
| |  Problem: Windows 7: Trojaner; Internetsicherheitseinstellungen Erstmal Hallo an alle  Als ich heute ein bisschen ... nennen wir es Beistand ... für die Cisco-Tests gesucht (und gefunden habe), hat sich mein PC wohl leider einen Trojaner eingefangen. Zumindest hat sich dies durch das Windows-Fenster bemerkbar gemacht. Ein Windowssicherheitsfenster sagte was von Trojanern - ich konnte es aber leider schlecht lesen, da es zigmal pro Sekunde auf- und zugeklappt wurde... Zusätzlich zu diesem Fenster fragte mich Windows auch, ob ich Änderungen am System vornehmen will - irgendeine heimtückische Datei wollte wohl ausgeführt werden... Ablehnen hat leider nicht den gewünschten Erfolg gebracht, da immer neue Anfragen geöffnet wurden (es waren dauerhaft 3 dieser Anfragen aktiv). Opera hat sich auch von selbst beendet und in Folge hab ich aus Reflex erstmal das NW-Kabel entfernt und den Reset-Knopf gedrückt^^ Wenn ich nun jedoch Windows starte, erscheint mir nur ein schwarzer Bildschirm mit einem einsamen Mauszeiger - der Taskmanager lässt sich zwar öffnen, jedoch wird ein über den Manager erfolgter Start des Explorers oder msconfig von den "Internetsicherheitsseinstellungen" blockiert... Da dies mein erster Virus/Trojaner/Wasauchimmer in 8 Jahren Computergeschichte ist, bin ich leider etwas ratlos  Sicherheitshalber habe ich die Passwörter meiner Email-Konten u.ä. geändert - wer weiß, ob Opera die gespeicherten Passwörter nicht doch rausrückt... Als Betriebssystem fungiert Windows 7 Professional 64 Bit (Schullizenz). Ich hoffe, Ihr könnt mir in dieser Angelegenheit helfen |
|
28.10.2010, 14:43
| #2 |
| /// Malware-holic   | Windows 7: Trojaner; Internetsicherheitseinstellungen Anleitung / Hilfe ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten. |
|
28.10.2010, 16:10
| #3 |
| | Windows 7: Trojaner; Internetsicherheitseinstellungen Details Tut mir leid für den doppelten Thread. Leider habe ich den Bereich für die Schädlinge erst anschließend entdeckt.
__________________Ich wollte dem Beitrag in diesem Bereich noch eine Bemerkung editieren, dass ein Mod ihn bitte löschen möchte, jedoch bekam ich anschließend die 3min-down Seite des Forums. Jedenfalls danke vielmals für die Hilfe! Hier sind die beiden OTL-Files: OTL.txt Code:
ATTFilter OTL logfile created on: 28.10.2010 16:10:06 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\XXX\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: XXX| Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 5,99 Gb Free Space | 1,29% Space Free | Partition Type: NTFS Drive D: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: XXX_PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.20506_32) -- c:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.20506_64) -- c:\Windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (XBCD) -- C:\Windows\SysNative\DRIVERS\XBCD.sys File not found DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 58 73 03 38 E9 CA 01 [binary data] IE - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.01 21:00:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.13 11:51:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.29 17:37:16 | 000,000,000 | ---D | M] [2010.09.13 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.09.13 11:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-2541358716-3541937844-1263161646-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.11 22:04:17 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2005.11.16 19:29:58 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ] O32 - AutoRun File - [2005.11.14 20:58:08 | 000,106,496 | R--- | M] () - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2006.01.11 07:29:34 | 000,000,041 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{45fc4ab6-a87a-11de-96dc-002618d756d5}\Shell - "" = AutoRun O33 - MountPoints2\{45fc4ab6-a87a-11de-96dc-002618d756d5}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - MountPoints2\{a59de13d-fe44-11d5-8f51-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a59de13d-fe44-11d5-8f51-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2006.05.23 19:51:46 | 000,878,592 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Hot Keyboard - hkey= - key= - C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe File not found MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Metropolis - hkey= - key= - C:\Users\XXX\AppData\Local\Temp\sshnas21.DLL File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: U36VRSFLG6 - hkey= - key= - C:\Users\XXX\AppData\Local\Temp\Sti.exe File not found MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {13B27C82-19BA-3494-9420-F932B40673CA} - .NET Framework ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {256C3219-2E90-3E2C-A75B-58CD19DCC4B4} - Microsoft Windows Media Player ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {3B39AE7D-A2DD-6434-8C83-7E846F517C3C} - Browser Customizations ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {865CF6CD-EB48-3DA5-C0CA-D3B17E314E46} - .NET Framework ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CE31F3C9-73BF-7119-B961-A99B075B57FE} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {DB23C3D7-C04D-0CDD-3CDD-25DE67458EE6} - Internet Explorer ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {07AB8353-B73D-F2AA-1725-2A0AEFADDFDB} - Microsoft Windows Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {13B27C82-19BA-3494-9420-F932B40673CA} - .NET Framework ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {91400BC6-62D2-9053-E990-51BDE190E43D} - Internet Explorer ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {DDA9ACA0-335D-E4CB-2CBD-7ACAE099E1F7} - Java (Sun) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.10.26 15:56:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.10.26 15:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.10.26 15:39:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2010.10.26 15:38:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.10.26 15:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.26 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\MigWiz [2010.10.24 18:57:17 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Fotos [2010.10.22 19:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010.10.22 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010.10.18 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\ArcaniA - Gothic 4 [2010.10.18 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD Entertainment AG [2010.10.18 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Arcania - Gothic IV [2010.10.14 19:21:16 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.10.14 19:21:15 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.10.14 19:21:10 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.10.14 19:21:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.10.14 19:13:25 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.10.14 19:13:25 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.10.14 19:13:15 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.10.14 19:13:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.10.14 19:13:15 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.10.14 19:13:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.10.14 19:13:15 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.10.14 19:13:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.10.14 19:13:15 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.10.14 19:13:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.10.14 19:13:15 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.10.14 19:13:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.10.14 19:13:14 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.10.14 19:13:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.10.14 19:13:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.10.14 19:13:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.10.14 19:12:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.10.14 19:12:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.10.14 19:12:54 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.10.14 19:12:50 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.10.14 19:12:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.10.14 19:10:06 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.10.14 19:10:06 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.10.14 19:09:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.10.07 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lara Croft and the Guardian of Light [2010.10.02 22:24:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\ZPS Mapping [2010.10.02 22:01:36 | 000,000,000 | --SD | C] -- C:\Users\XXX\Documents\Meine Shapes [2010.10.02 19:03:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Amnesia [2010.10.02 18:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent [2010.09.29 17:26:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Ms Visio2007 [2009.05.14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Programme\Common Files\adlmint_libFNP.dll [2009.05.14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Programme\Common Files\adlmint.dll [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.28 16:06:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.28 15:58:41 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.28 15:58:41 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.28 15:53:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.28 15:51:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.28 15:51:05 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2010.10.26 17:29:29 | 001,647,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.10.26 17:29:29 | 000,709,000 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.10.26 17:29:29 | 000,672,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.10.26 17:29:29 | 000,146,172 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.10.26 17:29:29 | 000,123,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.10.26 15:56:55 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.26 11:36:32 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.22 19:45:45 | 000,001,235 | ---- | M] () -- C:\Users\XXX\Desktop\Adobe Dreamweaver CS5.lnk [2010.10.16 09:36:46 | 754,826,103 | ---- | M] () -- C:\Users\XXX\Desktop\CD.rar [2010.10.15 15:08:13 | 003,280,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.10.02 22:01:33 | 000,002,591 | ---- | M] () -- C:\Users\XXX\Desktop\Microsoft Office Visio 2007.lnk [2010.09.29 17:36:34 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.26 15:56:55 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.26 11:36:29 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.26 11:36:21 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.26 11:36:19 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.22 19:45:45 | 000,001,235 | ---- | C] () -- C:\Users\XXX\Desktop\Adobe Dreamweaver CS5.lnk [2010.10.16 09:31:02 | 754,826,103 | ---- | C] () -- C:\Users\XXX\Desktop\CD.rar [2010.10.02 22:01:33 | 000,002,591 | ---- | C] () -- C:\Users\XXX\Desktop\Microsoft Office Visio 2007.lnk [2010.09.29 17:36:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2010.07.30 17:07:00 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010.07.30 17:07:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010.07.30 17:07:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010.06.28 16:44:35 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.04.16 21:57:14 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.04.16 21:57:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.16 21:57:12 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.04.16 21:57:11 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2010.04.16 21:57:11 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.04.16 21:57:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.03.14 16:27:28 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.01.30 19:21:50 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.01.10 20:46:32 | 001,668,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.02 20:38:38 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2009.12.05 13:32:22 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\setdllhostEnglishResourceDll.dll [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.10.23 18:42:37 | 000,000,415 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.10.23 15:47:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.23 22:07:33 | 000,007,597 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg [2009.09.23 21:18:50 | 000,000,760 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\setup_ldm.iss [2009.09.23 21:11:58 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2009.09.23 21:11:58 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009.09.23 20:32:42 | 000,032,396 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009.09.23 20:31:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.09.23 20:31:46 | 000,027,512 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.06.11 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk [2010.04.24 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bioshock2 [2009.09.23 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Blitware [2010.08.02 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CadSoft [2010.07.03 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CD-LabelPrint [2010.04.08 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Codemasters [2009.09.23 21:54:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite [2009.12.28 14:43:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ebner [2009.12.26 01:08:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hot Keyboard [2010.01.02 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hot Keyboard Pro Backup [2010.01.20 00:11:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MP3toiPodAudioBookConverter [2009.09.23 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2009.12.27 12:25:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\runic games [2010.09.13 11:51:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird [2010.03.07 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TS3Client [2010.06.27 10:12:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TubeBox [2009.12.26 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft [2010.08.01 02:47:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2010.10.04 19:13:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.10.28 16:06:02 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.28 15:53:02 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.26 11:36:32 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.26 17:28:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe [2010.05.01 20:46:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer [2009.09.23 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ATI [2010.06.11 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk [2010.03.27 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira [2010.04.24 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bioshock2 [2009.09.23 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Blitware [2010.08.02 19:59:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CadSoft [2010.07.03 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CD-LabelPrint [2010.04.08 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Codemasters [2010.03.22 21:52:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CyberLink [2009.09.23 21:54:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite [2010.07.02 11:26:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\dvdcss [2009.12.28 14:43:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ebner [2010.08.06 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google [2009.12.26 01:08:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hot Keyboard [2010.01.02 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hot Keyboard Pro Backup [2009.09.23 19:02:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities [2009.09.23 20:34:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia [2010.10.26 15:39:32 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2010.04.16 21:57:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Player Classic [2010.10.06 19:50:27 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft [2010.09.13 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla [2010.01.20 00:11:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MP3toiPodAudioBookConverter [2009.09.23 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2010.05.01 21:01:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Real [2009.12.27 12:25:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\runic games [2009.12.28 14:40:50 | 000,000,000 | RH-D | M] -- C:\Users\XXX\AppData\Roaming\SecuROM [2010.09.02 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Skype [2010.09.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\skypePM [2010.02.06 18:30:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sun [2010.03.07 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\teamspeak2 [2010.09.13 11:51:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird [2010.03.07 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TS3Client [2010.06.27 10:12:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TubeBox [2009.12.26 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ubisoft [2010.10.20 21:13:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\vlc [2010.06.18 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.01.01 19:45:43 | 000,011,502 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe [2010.01.01 19:45:43 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.01.01 19:45:43 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.01.01 19:45:43 | 000,015,086 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.01.01 19:45:43 | 000,008,854 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.04.14 18:49:52 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 28.10.2010 16:10:06 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\XXX\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: XXX | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 5,99 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: XXX_PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
"{13B27C82-19BA-3494-9420-F932B40673CA}" = Microsoft .NET Framework 4 Client Profile Beta 1
"{175D5555-EE49-3033-99AF-BC1E206223FD}" = Microsoft .NET Framework 4 Extended Beta 1
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
"{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
"{83584F8F-6828-440D-B0B4-52495D5DA803}" = iTunes
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{E67825BD-2344-37AF-BBB9-A310B64229DC}" = Microsoft Visual C++ 2010 Beta 1 x64 Redistributable - 10.0.20506
"Microsoft .NET Framework 4 Client Profile Beta 1" = Microsoft .NET Framework 4 Client Profile Beta 1
"Microsoft .NET Framework 4 Extended Beta 1" = Microsoft .NET Framework 4 Extended Beta 1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9E9CEB-D21C-44D7-BF75-17E5AF4B09C9}" = Adobe Setup
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B09F344-4406-11D5-96E8-0050BA84F5F7}" = Baldurs Gate(TM) II - Thron des Bhaal (TM)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{75FB2F19-4FC1-4B3C-B32E-53A2FBDCE1F2}" = Bloom
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FC92E32F-6AD6-38E7-AC11-83B639CEACD8}" = Microsoft Visual C++ 2010 Beta 1 x86 Redistributable - 10.0.20506
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Adobe_f03bec73234c72da94103197499096e" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Age of Empires 2.0" = Microsoft Age of Empires II
"ArcaniA" = ArcaniA - Gothic 4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EAGLE 5.10.0" = EAGLE 5.10.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flashpoint Resistance" = Flashpoint Resistance uninstall
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Lara Croft and the Guardian of Light_is1" = Lara Croft and the Guardian of Light
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Might and Magic® VI" = Might and Magic® VI
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"Oblivion-Schilder-Mod-BE_is1" = Oblivion-Schilder-Mod-BE-v0.4
"OpenAL" = OpenAL
"Operation Flashpoint" = Operation Flashpoint uninstall
"paw·ned²" = paw·ned² v1.2
"RADVideo" = RAD Video Tools
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base 2007
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2541358716-3541937844-1263161646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CounterStrike Source" = CounterStrike Source
"Guild Wars" = GUILD WARS
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.10.2010 14:56:30 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10,
Zeitstempel: 0x4c06fc6d Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927,
Zeitstempel: 0x4a275370 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000100b5 ID des fehlerhaften
Prozesses: 0x190 Startzeit der fehlerhaften Anwendung: 0x01cb708873849076 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
Berichtskennung:
bf9f7d44-dc7b-11df-acb1-002618d756d5
Error - 20.10.2010 14:59:08 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.1.10,
Zeitstempel: 0x4c06fc6d Name des fehlerhaften Moduls: MSVCP80.dll, Version: 8.0.50727.4927,
Zeitstempel: 0x4a275370 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000100b5 ID des fehlerhaften
Prozesses: 0x69c Startzeit der fehlerhaften Anwendung: 0x01cb7088d0260e13 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
Berichtskennung:
1d60d98a-dc7c-11df-acb1-002618d756d5
Error - 22.10.2010 17:41:26 | Computer Name = XXX_PC | Source = Application Hang | ID = 1002
Description = Programm hammer.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1090 Startzeit:
01cb722ed49d8d2f Endzeit: 0 Anwendungspfad: c:\program files (x86)\steam\steamapps\steamuser\sourcesdk\bin\source2007\bin\hammer.exe
Berichts-ID:
Error - 23.10.2010 14:02:32 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x470c11ae Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
0x4ae603a6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001a01e7 ID des fehlerhaften Prozesses:
0xec0 Startzeit der fehlerhaften Anwendung: 0x01cb72dc5506bf34 Pfad der fehlerhaften
Anwendung: c:\program files (x86)\steam\steamapps\steamuser\zombie panic! source\hl2.exe
Pfad
des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\steamuser\zombie
panic! source\zps\bin\client.dll Berichtskennung: b4c31464-decf-11df-a0a6-002618d756d5
Error - 24.10.2010 05:11:44 | Computer Name = XXX_PC | Source = Application Hang | ID = 1002
Description = Programm Photoshop.exe, Version 10.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: db4 Startzeit:
01cb735b6b3445e9 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Adobe\Adobe Photoshop
CS3\Photoshop.exe Berichts-ID: b6ad4a75-df4e-11df-9eda-002618d756d5
Error - 25.10.2010 12:53:41 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hammer.exe, Version: 0.0.0.0, Zeitstempel:
0x4a132f0c Name des fehlerhaften Moduls: hammer_dll.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4ab7d2e3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0eff812f ID des fehlerhaften
Prozesses: 0xa4 Startzeit der fehlerhaften Anwendung: 0x01cb744d2280d430 Pfad der
fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\steamuser\sourcesdk\bin\source2007\bin\hammer.exe
Pfad
des fehlerhaften Moduls: hammer_dll.dll Berichtskennung: 6b23cccd-e058-11df-aec7-002618d756d5
Error - 26.10.2010 05:35:15 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Name des fehlerhaften Moduls: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001128 ID des fehlerhaften
Prozesses: 0x10a0 Startzeit der fehlerhaften Anwendung: 0x01cb74f118174bdb Pfad der
fehlerhaften Anwendung: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Pfad des
fehlerhaften Moduls: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Berichtskennung:
55d60ed8-e0e4-11df-8f29-002618d756d5
Error - 26.10.2010 05:35:15 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Name des fehlerhaften Moduls: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001128 ID des fehlerhaften
Prozesses: 0x13cc Startzeit der fehlerhaften Anwendung: 0x01cb74f1181995cd Pfad der
fehlerhaften Anwendung: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Pfad des
fehlerhaften Moduls: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Berichtskennung:
55d635e8-e0e4-11df-8f29-002618d756d5
Error - 26.10.2010 05:35:15 | Computer Name = XXX_PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Name des fehlerhaften Moduls: wosmracxne.exe, Version: 26.1.2.1,
Zeitstempel: 0x4cc56d50 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001128 ID des fehlerhaften
Prozesses: 0xa50 Startzeit der fehlerhaften Anwendung: 0x01cb74f1181a591d Pfad der
fehlerhaften Anwendung: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Pfad des
fehlerhaften Moduls: C:\Users\XXX\AppData\Local\Temp\wosmracxne.exe Berichtskennung:
55d65cf8-e0e4-11df-8f29-002618d756d5
Error - 26.10.2010 08:51:03 | Computer Name = XXX_PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 26.10.2010 05:40:43 | Computer Name = XXX_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.10.2010 05:40:43 | Computer Name = XXX_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.10.2010 05:40:43 | Computer Name = XXX_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.10.2010 05:40:43 | Computer Name = XXX_PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AsIO avipbb CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6
WfpLwf
Error - 26.10.2010 05:42:19 | Computer Name = XXX_PC | Source = DCOM | ID = 10005
Description =
Error - 26.10.2010 05:42:19 | Computer Name = XXX_PC | Source = DCOM | ID = 10005
Description =
Error - 26.10.2010 05:42:19 | Computer Name = XXX_PC | Source = DCOM | ID = 10005
Description =
Error - 26.10.2010 05:42:19 | Computer Name = XXX_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 26.10.2010 09:46:05 | Computer Name = XXX_PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 27.10.2010 12:23:36 | Computer Name = XXX_PC | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
| Themen zu Windows 7: Trojaner; Internetsicherheitseinstellungen |
| aktiv, beendet, betriebssystem, bildschirm, datei, entfernt, folge, frage, fragen, gen, gesucht, geändert, jahre, neue, passwörter, ratlos, schwarzer bildschirm, sicherheitseinstellungen, system, taskmanager, trojaner, trojanern, von selbst, windows, windows 7, zugeklappt, öffnen |
Windows 7: Trojaner; Internetsicherheitseinstellungen
Linear-Darstellung
