| |
| |||||||
Log-Analyse und Auswertung: Hier auch: BKA-TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.04.2011, 15:40
| #1 |
| |  Hier auch: BKA-Trojaner Hallo zusammen, mich hat ebenfalls der BKA-Trojaner erwischt. Habe bereits den OTLPE-Scan per Live-CD ausgeführt. Hier die Logs: OTL.txt Code:
ATTFilter OTL logfile created on: 4/15/2011 5:27:44 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146.48 Gb Total Space | 97.34 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 151.61 Gb Total Space | 109.80 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 6.96 Gb Free Space | 92.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe ()
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe ()
SRV - (BsMobileCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsMobileCS.exe ()
SRV - (CTUPnPSv) -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CTDevice_Srv) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (Tosrfusb) -- File not found
DRV - (TosRfSnd) -- File not found
DRV - (tosrfnds) -- File not found
DRV - (Tosrfhid) -- File not found
DRV - (Tosrfcom) -- File not found
DRV - (tosrfbnp) -- File not found
DRV - (tosrfbd) -- File not found
DRV - (tosporte) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\WINDOWS\system32\drivers\BtHidBus.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (BTNetFilter) -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jens_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.045
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {9220f99f-5b7d-4a4d-97ca-209991796400}:1.5.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/04/09 09:49:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/03/23 15:46:40 | 000,000,000 | ---D | M]
[2009/03/24 17:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Extensions
[2011/04/15 04:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions
[2011/01/05 19:00:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/12/24 15:57:05 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2011/03/04 14:54:52 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/12/24 15:57:07 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/04/09 14:33:40 | 000,000,000 | ---D | M] (Gutscheinaffe) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}
[2011/04/09 14:33:40 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/04/09 14:33:38 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/09 14:33:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/12 15:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/12 15:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/04/09 14:33:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/09 14:33:37 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\lazarus@interclue.com
[2011/04/09 14:33:36 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\unplug@compunach
[2011/03/12 15:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\mozilla\Firefox\Profiles\zadktwyu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/04/15 04:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/05/05 08:37:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/06 07:29:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/06 07:29:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/06 07:29:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/06 07:29:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/06 07:29:26 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Programme\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\Jens_ON_C..\Run: [Freebie Notes] C:\Programme\Power Soft\Freebie Notes\FreebieNotes.exe (Power Soft)
O4 - HKU\Jens_ON_C..\Run: [Miranda IM472] C:\Programme\Miranda IM\miranda32.exe ( )
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jens_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Per Mitteilung versenden(&M) ... - C:\Programme\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O8 - Extra context menu item: Über Bluetooth senden - C:\Programme\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Programme\Mozilla Firefox\null0.3948125339650338.exe) - C:\Programme\Mozilla Firefox\null0.3948125339650338.exe (Vmfdyadxd Vitipbuc)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/24 15:21:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/11 17:17:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Desktop\MS Office 2007
[2011/04/09 16:59:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Sierra
[2011/04/09 16:59:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Eigene Dateien\Empire Earth II
[2011/04/09 16:47:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sierra
[2011/04/09 16:46:50 | 000,000,000 | ---D | C] -- C:\Programme\Sierra
[2011/04/01 13:04:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Eigene Dateien\PassportPhoto settings
[2011/04/01 13:04:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\passport_photo
[2011/04/01 13:04:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\PassportPhoto
[2011/04/01 13:04:06 | 000,000,000 | ---D | C] -- C:\Programme\PassportPhoto
[2011/03/27 08:23:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\BrowserPlus
[2011/03/27 08:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\Yahoo!
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/15 10:02:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 10:01:42 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2011/04/15 09:14:25 | 000,006,278 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2011/04/15 09:14:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 09:14:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/15 05:07:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/15 04:09:21 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/04/10 13:27:40 | 009,993,462 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Internetanbieter Vergliech.bmp
[2011/04/09 17:21:01 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/04/09 16:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sierra
[2011/04/07 13:04:53 | 000,002,295 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2011/04/06 15:14:24 | 000,408,628 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/04/06 15:14:24 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/06 15:14:24 | 000,071,590 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/04/06 15:14:24 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/02 11:46:07 | 000,002,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/10 13:27:40 | 009,993,462 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Desktop\Internetanbieter Vergliech.bmp
[2011/04/09 17:21:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/12/30 16:00:52 | 000,000,125 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/12/30 15:57:30 | 000,006,278 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
[2010/12/30 15:57:29 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
[2010/12/30 15:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
[2010/12/23 06:11:08 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/12/23 06:11:08 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/10/23 15:12:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/10/06 11:14:41 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\.recently-used.xbel
[2010/10/06 11:14:37 | 000,007,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006171437.xac
[2010/10/06 11:14:30 | 000,001,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006171430.xac
[2010/10/06 11:03:13 | 000,001,094 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006170313.xac
[2010/10/06 11:00:12 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking.20101006170012.xac
[2010/10/06 10:54:24 | 000,007,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\OnlineBanking
[2010/10/04 17:38:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/24 03:49:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a_gui.exe
[2010/09/24 03:49:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.exe
[2010/09/24 03:48:58 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2010/05/01 09:20:00 | 002,185,518 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/02 12:22:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_XP.INI
[2009/09/29 11:29:39 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\$_hpcst$.hpc
[2009/08/12 16:50:05 | 000,000,996 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/05/24 15:33:13 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/19 08:47:44 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\ds2sge.conf
[2009/05/11 08:43:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/07 05:42:08 | 000,000,123 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\default.pls
[2009/03/25 11:09:36 | 000,198,916 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/03/25 10:42:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/25 10:42:36 | 000,044,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 10:05:03 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/03/25 08:32:09 | 000,000,602 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/24 17:08:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/24 15:55:14 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/03/24 15:55:08 | 000,000,188 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2009/03/24 15:31:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/03/24 15:22:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/24 15:18:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/24 15:11:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/24 15:10:26 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/27 12:04:46 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2009/02/27 11:45:16 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2009/02/27 11:44:50 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2009/02/27 11:44:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2009/02/27 11:44:10 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2009/02/27 11:41:02 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2009/02/27 11:40:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2009/02/27 11:38:38 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/07 07:44:54 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2008/10/22 10:30:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,408,628 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/04/14 08:00:00 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,071,590 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/04/14 08:00:00 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/07 08:54:22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
========== LOP Check ==========
[2010/10/04 17:38:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\Application Updater
[2010/09/25 12:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\.minecraft
[2010/10/06 07:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\BayCalculator
[2009/12/21 12:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Canon
[2010/10/03 14:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\CursorArts
[2010/10/20 14:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\de.comdirect.ticker.CD5696F93DD370A1D14916944CB4AC4A409DD315.1
[2010/10/02 12:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\FireShot
[2010/10/06 11:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\gtk-2.0
[2010/10/03 14:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\IconTweaker
[2010/10/02 09:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\IrfanView
[2009/05/05 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\JCreator
[2010/12/27 08:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\My Games
[2009/04/16 10:05:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Opera
[2011/04/01 13:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\passport_photo
[2009/03/24 16:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Protector Suite
[2010/10/17 14:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\QuickScan
[2011/04/09 16:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\Sierra
[2010/10/28 10:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\temp
[2010/12/30 13:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TOSHIBA
[2009/12/20 21:15:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TS3Client
[2009/03/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jens\Anwendungsdaten\TuneUp Software
[2010/05/11 05:15:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2009/08/27 08:05:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009/12/21 12:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2010/10/03 14:48:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
[2009/05/05 08:44:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JCreator
[2010/10/06 07:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Power Soft
[2010/10/04 18:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010/11/01 16:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010/10/03 07:22:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore
[2010/12/30 15:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TOSHIBA
[2009/03/25 08:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009/03/24 15:58:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2009/08/11 12:34:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4D18D6A0-D216-4470-B464-1F2DC271458B}
[2009/08/11 12:34:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6608C652-8B5C-4778-BAC8-B59DD368D024}
[2011/03/04 12:15:42 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
========== Purity Check ==========
< End of report >
Extras.txt Code:
ATTFilter OTL Extras logfile created on: 4/15/2011 5:27:44 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146.48 Gb Total Space | 97.34 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 151.61 Gb Total Space | 109.80 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 6.96 Gb Free Space | 92.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Programme\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Programme\KONAMI\Pro Evolution Soccer 2011\pes2011.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Steam\SteamApps\blazzinflame\counter-strike\hl.exe" = C:\Programme\Steam\SteamApps\blazzinflame\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Steam\SteamApps\blazzinflame\condition zero\hl.exe" = C:\Programme\Steam\SteamApps\blazzinflame\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe" = C:\Programme\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Programme\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe" = C:\Programme\Steam\SteamApps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{17857C69-7BF4-4821-9626-76C1597FD9F0}" = hpg3800
"{1A1A9F0B-2C77-40EE-9052-42B2EBBDD52B}" = HP Scanjet 3800
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"4C806F98217A7FD4E853F458FF399F052625F21C" = Windows-Treiberpaket - Hewlett-Packard Image (12/28/2006 8.0.0.0)
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"C&C - Zero Hour - Full Uncut Patch Final v.2.5" = C&C - Zero Hour - Full Uncut Patch Final v.2.5
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"CCleaner" = CCleaner
"Creative Centrale" = Creative Centrale
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DungeonSiege2" = Dungeon Siege 2
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EXCEL" = Microsoft Office Excel 2007
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"FreeNotes2_is1" = Freebie Notes
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"nLite_is1" = nLite 1.4.9.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OUTLOOK" = Microsoft Office Outlook 2007
"ProInst" = Intel PROSet Wireless
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 13140" = America's Army 3
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 410" = Portal: First Slice
"Steam App 80" = Counter-Strike: Condition Zero
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.96-4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Jens_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PassportPhoto" = PassportPhoto (remove)
"Warcraft III" = Warcraft III: All Products
"WinSetupFromUSB" = WinSetupFromUSB
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
< End of report >
Danke schonmal für eure Hilfe. :-) |
| Themen zu Hier auch: BKA-Trojaner |
| 0x00000001, adblock, antivirus, audacity, avast!, benutzerregistrierung, bho, bka-trojaner, delay.exe, desktop, down, einstellungen, error, excel, extras.txt, firefox, flash player, format, helper, jdownloader, location, logfile, microsoft office word, mozilla, object, oldtimer, otl.txt, realtek, reatogo, registry, rundll, saver, searchplugins, security, server, shell32.dll, software, sptd.sys, tcp, teamspeak, udp, windows, windows internet, windows xp |
Baum-Darstellung