Pests of all kinds and how to combat them: 40 TAN Trojan Sparkasse, the next one ^^
40 TAN Trojan Sparkasse, the next one ^^

Hello, yes, it got me too. Here are a few facts:

Occurring for about 2 days
PC system: Windows 7 64-bit

I ran OTL. Here is the result.

OTL.txt Code:
OTL logfile created on: 18.02.2011 14:57:56 - Run 1
OTL by OldTimer - Version
Folder = C:\Users\Arthur\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 74,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 263,80 Gb Free Space | 56,65% Space Free | Partition Type: NTFS Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arthur\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\Arthur\AppData\Roaming\Coukxu\gayds.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\JetAudio\JetAudio.exe (COWON America) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\Arthur\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft 
Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF9035BDA.sys (AfaTech ) DRV:64bit: - (AVMUNET) -- C:\Windows\SysNative\drivers\avmunet.sys (AVM GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 D8 B4 6E 16 B4 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.17 17:12:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.05 07:19:00 | 000,000,000 | ---D | M] [2010.01.08 16:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\mozilla\Extensions [2008.10.16 20:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\20sk9qnp.default\extensions [2011.02.17 20:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions 
[2010.01.08 17:09:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.09 05:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.10 13:37:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.01.09 05:09:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.09.11 18:35:32 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\battlefieldheroespatcher@ea.com [2010.01.08 17:09:02 | 000,000,000 | ---D | M] ("Firebug") -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\firebug@software.joehewitt.com [2010.01.08 17:09:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\moveplayer@movenetworks.com [2010.03.12 14:04:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\personas@christopher.beard [2010.01.08 17:09:02 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\2aerfoa9.default\extensions\videodowloader@videodownloader.net [2008.12.11 17:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\rzizag4f.default\extensions [2010.01.08 16:51:34 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Arthur\AppData\Roaming\mozilla\Firefox\Profiles\y5v7h0fm.default\extensions [2011.02.17 20:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.12 13:42:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.12 13:42:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 13:42:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 13:42:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 13:42:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.01.25 20:31:22 | 000,000,959 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: dt.invite.ath.cx O1 - Hosts: tracker.darktorrentz.ath.cx O1 - Hosts: activate.adobe.com O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [{6E7A36B0-2709-B249-CA90-06A6A4158A90}] C:\Users\Arthur\AppData\Roaming\Coukxu\gayds.exe (AVG Technologies CZ, s.r.o.) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll 
(Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.24 21:39:56 | 000,000,045 | -H-- | M] () - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.12.24 21:42:03 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ] O32 - AutoRun File - [2010.12.24 21:39:06 | 000,000,034 | -H-- | M] () - H:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{228c9442-f4a4-11df-995b-001a4d4c5cf5}\Shell - "" = AutoRun O33 - MountPoints2\{228c9442-f4a4-11df-995b-001a4d4c5cf5}\Shell\AutoRun\command - "" = N:\preinst.exe O33 - MountPoints2\{5be38161-0549-11df-a478-001a4d4c5cf5}\Shell - "" = AutoRun O33 - MountPoints2\{5be38161-0549-11df-a478-001a4d4c5cf5}\Shell\AutoRun\command - "" = M:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.18 14:54:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Arthur\Desktop\OTL.exe [2011.02.18 14:50:57 | 008,417,616 | ---- | C] (Mozilla) -- 
C:\Users\Arthur\Desktop\Firefox Setup 3.6.13.exe [2011.02.18 14:49:51 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Arthur\Desktop\install_flash_player.exe [2011.02.15 19:46:40 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.02.15 19:46:40 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.02.15 19:46:40 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.02.15 19:46:40 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.02.15 19:46:40 | 010,078,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.02.15 19:46:40 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.02.15 19:46:40 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.02.15 19:46:40 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.02.15 19:46:40 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.02.15 19:46:40 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.02.15 19:46:40 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.02.15 19:46:40 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.02.15 19:46:40 | 001,965,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.02.15 19:46:40 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll [2011.02.15 19:46:40 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll [2011.02.15 19:46:40 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.02.15 19:46:40 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.02.15 19:46:40 | 000,011,240 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.02.11 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Arthur\Desktop\d [2011.02.11 17:41:03 | 000,000,000 | ---D | C] -- C:\Users\Arthur\Desktop\Foto_tetia [2011.02.09 17:35:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.09 17:35:23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.09 17:35:23 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.09 17:35:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.09 17:35:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.09 17:35:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.09 17:35:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.09 17:35:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.09 17:35:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.09 17:35:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.09 17:35:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.09 17:35:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.09 17:35:15 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.09 17:35:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.09 17:35:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.09 17:35:14 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.09 17:35:14 | 000,062,976 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wscapi.dll [2011.02.09 17:35:14 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.09 17:35:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.09 17:35:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.09 17:35:09 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.09 17:35:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.09 17:35:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.09 17:35:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.09 17:34:22 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.09 17:34:22 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.09 17:34:22 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.09 17:34:22 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.09 17:34:20 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.09 17:34:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.09 17:33:19 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.09 17:33:19 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.09 17:33:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.09 17:33:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.07 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Roaming\dvdcss [2011.02.05 07:19:20 | 000,024,416 | R--- | C] (Adobe Systems Inc.) 
-- C:\Windows\SysNative\AdobePDFUI.dll [2011.02.04 19:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arthur\AppData\Local\Downloaded Installations [2011.02.04 16:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2011.02.04 16:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor [2011.02.03 19:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011.02.03 19:12:34 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2011.01.28 17:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.01.28 17:27:41 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.01.28 17:27:41 | 000,000,000 | ---D | C] -- C:\Programme\iPod ========== Files - Modified Within 30 Days ========== [2011.02.18 15:01:02 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 15:01:02 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 14:54:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Arthur\Desktop\OTL.exe [2011.02.18 14:51:40 | 008,417,616 | ---- | M] (Mozilla) -- C:\Users\Arthur\Desktop\Firefox Setup 3.6.13.exe [2011.02.18 14:50:02 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Arthur\Desktop\install_flash_player.exe [2011.02.18 14:44:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.18 13:00:42 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.02.18 13:00:42 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.18 03:44:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.17 17:06:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.17 17:05:52 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys [2011.02.13 20:48:43 | 000,096,860 | ---- | M] () -- C:\Users\Arthur\Desktop\cimg0480__large__110.jpg [2011.02.11 20:19:34 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part10.rar [2011.02.11 20:18:57 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part09.rar [2011.02.11 20:18:40 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part08.rar [2011.02.11 20:18:16 | 001,100,959 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part11.rar [2011.02.11 20:17:12 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part07.rar [2011.02.11 20:16:55 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part06.rar [2011.02.11 20:16:32 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part05.rar [2011.02.11 20:16:11 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part04.rar [2011.02.11 20:14:23 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part03.rar [2011.02.11 17:41:10 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part02.rar [2011.02.11 17:40:15 | 015,728,640 | ---- | M] () -- C:\Users\Arthur\Desktop\Foto_tetia.part01.rar [2011.02.10 16:59:56 | 003,022,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.09 21:01:47 | 000,055,573 | ---- | M] () -- C:\Users\Arthur\Desktop\podbormf.jpg [2011.02.06 16:56:41 | 000,142,120 | -H-- | M] () -- 
C:\Windows\SysWow64\mlfcache.dat [2011.02.03 18:09:19 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.03 18:09:19 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.03 18:09:19 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.03 18:09:19 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.03 18:09:19 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.28 17:28:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.26 07:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.26 07:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.22 16:08:28 | 000,453,435 | ---- | M] () -- C:\Users\Arthur\Desktop\IMG_0247.JPG ========== Files Created - No Company Name ========== [2011.02.13 20:48:42 | 000,096,860 | ---- | C] () -- C:\Users\Arthur\Desktop\cimg0480__large__110.jpg [2011.02.11 20:18:03 | 001,100,959 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part11.rar [2011.02.11 20:17:45 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part10.rar [2011.02.11 20:16:53 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part09.rar [2011.02.11 20:16:17 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part08.rar [2011.02.11 20:14:24 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part07.rar [2011.02.11 20:13:55 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part06.rar [2011.02.11 20:13:12 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part05.rar [2011.02.11 20:12:49 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part04.rar [2011.02.11 20:12:26 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part03.rar [2011.02.11 17:39:49 | 015,728,640 | ---- | C] () -- 
C:\Users\Arthur\Desktop\Foto_tetia.part02.rar [2011.02.11 17:39:10 | 015,728,640 | ---- | C] () -- C:\Users\Arthur\Desktop\Foto_tetia.part01.rar [2011.02.09 21:01:46 | 000,055,573 | ---- | C] () -- C:\Users\Arthur\Desktop\podbormf.jpg [2011.02.05 07:19:02 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk [2011.02.05 07:19:01 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk [2011.02.05 07:19:01 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk [2011.02.05 07:19:01 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk [2011.02.03 18:37:03 | 000,453,435 | ---- | C] () -- C:\Users\Arthur\Desktop\IMG_0247.JPG [2011.01.28 17:28:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.12.07 19:17:51 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2010.12.07 19:17:51 | 000,071,926 | ---- | C] () -- C:\ProgramData\MercadoLivre.ico Code:
ATTFilter OTL Extras logfile created on: 18.02.2011 14:57:56 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Arthur\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 74,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 263,80 Gb Free Space | 56,65% Space Free | Partition Type: NTFS Drive D: | 467,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 698,64 Gb Total Space | 309,49 Gb Free Space | 44,30% Space Free | Partition Type: NTFS Drive H: | 1863,01 Gb Total Space | 1199,40 Gb Free Space | 64,38% Space Free | Partition Type: NTFS Drive R: | 139,73 Gb Total Space | 116,01 Gb Free Space | 83,02% Space Free | Partition Type: NTFS Computer Name: ARTHUR-PC | User Name: Arthur | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update 
Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 
2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.721 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities 
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Anarchy Online_is1" = Anarchy Online "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cities XL 2011" = Cities XL 2011 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.3.1 "Foxit PDF Editor" = Foxit PDF Editor "jetAudio 7.1.x deutsche Sprachdateien" = jetAudio 7.1.x deutsche Sprachdateien "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Steam App 13140" = America's Army 3 "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "SystemRequirementsLab" = System Requirements Lab "TeamViewer 5" = TeamViewer 5 "TeamViewer 6" = TeamViewer 6 "TuneUp Utilities" = TuneUp Utilities "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP 2005" = QIP 2005 8097 "QIP 2010" = QIP 2010 "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.12.2010 17:58:11 | Computer Name = Arthur-PC | Source = Windows Backup | ID = 4104 Description = Error - 30.12.2010 
16:49:34 | Computer Name = Arthur-PC | Source = Avira AntiVir | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei J:\DCIM\103_PANA\P1030262.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x12a2288] Bitte Avira informieren und die obige Datei übersenden! Error - 28.01.2011 14:10:18 | Computer Name = Arthur-PC | Source = Bonjour Service | ID = 100 Description = 348: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 28.01.2011 14:10:18 | Computer Name = Arthur-PC | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 28.01.2011 14:10:18 | Computer Name = Arthur-PC | Source = Bonjour Service | ID = 100 Description = 212: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 28.01.2011 14:10:18 | Computer Name = Arthur-PC | Source = Bonjour Service | ID = 100 Description = 216: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 28.01.2011 14:10:18 | Computer Name = Arthur-PC | Source = Bonjour Service | ID = 100 Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.02.2011 14:16:39 | Computer Name = Arthur-PC | Source = MsiInstaller | ID = 1013 Description = Error - 04.02.2011 14:17:49 | Computer Name = Arthur-PC | Source = MsiInstaller | ID = 1013 Description = Error - 04.02.2011 14:18:57 | Computer Name = Arthur-PC | Source = MsiInstaller | ID = 1013 Description = [ Media Center Events ] Error - 26.05.2010 12:51:33 | Computer Name = Arthur-PC | Source = MCUpdate | ID = 0 Description = 18:51:33 - Fehler beim Herstellen der Internetverbindung. 18:51:33 - Serververbindung konnte nicht hergestellt werden.. 
Error - 26.05.2010 12:51:42 | Computer Name = Arthur-PC | Source = MCUpdate | ID = 0 Description = 18:51:38 - Fehler beim Herstellen der Internetverbindung. 18:51:38 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 10.02.2011 13:49:37 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 10.02.2011 13:49:40 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "TeamViewer 6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 10.02.2011 13:49:41 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 10.02.2011 13:49:47 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 10.02.2011 13:49:54 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.02.2011 11:28:57 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "ArcSoft Connect Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.02.2011 11:29:05 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 13.02.2011 11:29:08 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "TeamViewer 6" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 13.02.2011 11:29:09 | Computer Name = Arthur-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NMIndexingService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.02.2011 14:13:48 | Computer Name = Arthur-PC | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
/// Malware-holic |
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
O4 - HKCU..\Run: [{6E7A36B0-2709-B249-CA90-06A6A4158A90}] C:\Users\Arthur\AppData\Roaming\Coukxu\gayds.exe (AVG Technologies CZ, s.r.o.)
:Files
C:\Users\Arthur\AppData\Roaming\Coukxu
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart if necessary. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, C:, then _OTL; there, right-click on moved files and choose "add to moved files.rar" or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
| OK, here is the rest; everything has been uploaded as well.
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{6E7A36B0-2709-B249-CA90-06A6A4158A90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E7A36B0-2709-B249-CA90-06A6A4158A90}\ not found.
C:\Users\Arthur\AppData\Roaming\Coukxu\gayds.exe moved successfully.
========== FILES ==========
C:\Users\Arthur\AppData\Roaming\Coukxu folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Arthur
->Flash cache emptied: 59830 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Arthur
->Temp folder emptied: 2776442 bytes
->Temporary Internet Files folder emptied: 73380018 bytes
->Java cache emptied: 7884880 bytes
->FireFox cache emptied: 143807075 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 504174 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2155485670 bytes
Total Files Cleaned = 2.274,00 mb
OTL by OldTimer - Version log created on 02182011_153328
Files\Folders moved on Reboot...
C:\Users\Arthur\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\Cache\_CACHE_MAP_ moved successfully.
File\Folder C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\urlclassifier3.sqlite not found!
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\2aerfoa9.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot... |
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| Is there some kind of confirmation that it has been uploaded? Because I only waited until the bar at the bottom was full, then the page refreshed and there was nothing there anymore! Maybe once more? |
/// Malware-holic | You uploaded the wrong thing. I want the folder moved files :-)
| It won't upload the .rar archive; it is 14 MB in size |
/// Malware-holic | Then upload it to File-Upload.net and send me the link as a private message.
/// Malware-holic | To be on the safe side, you should start backing up your data now; then we will reinstall and secure the system properly. Only that way are we guaranteed to get the system clean.
| Yes, I've already started =) Thanks, I already have most of it! Does it look bad, or what? |
/// Malware-holic | As you can see :-) Let me know when you are ready; I'll be off soon for today, though, so then tomorrow morning :-)
| OK, I have now backed everything up =) |
/// Malware-holic |
| That's quite a lot of things; I'll have to see whether I can find my way around all of it |
/// Malware-holic | Well, if not, get in touch. An antivirus program is no longer enough these days; other measures have to be taken as well!