
Log Analysis and Evaluation: TR/Kazy.mekml.1 - Hard disk error, files hidden


 
27.04.2011, 11:16   #1
Janz Toll!
 

TR/Kazy.mekml.1 - Hard disk error, files hidden



Hello everyone,
now it has got me too... just great! That really doesn't fit right now. But I suppose that's how it is for everyone here.
Yesterday I caught this Trojan - TR/Kazy.mekml.1 - (according to Avira AntiVir Personal - Free Antivirus).
The problems are exactly the ones described here by all the other users.

- Double warning from Avira that a Trojan was detected. However, it cannot be deleted, renamed or anything else.
- Seconds later a program tried to install itself: I believe it was in User\Henni\AppData\Local\Temp\setup... (sequence of digits).
- Despite refusing the installation, this permission prompt kept popping up - whether it installed itself anyway I can't say, I did not grant permission - the message no longer appears.
- The file path in question was immediately hidden and could not be found.
- After a short time all data, folders etc. are hidden / no longer visible. Including the desktop.
- Constant messages about a damaged hard disk and problems with one or more installed IDE/SATA hard disks. A restart is recommended.
- Message: Critical hard disk error
- Continuous crashes
- Some Windows diagnostic/repair program is launched and advises me to buy some add-on.
- But apparently all programs seem to work

I have already read a bit here and have also already done the scan with OTL. It's at the end - sorry that I have to attach it like this and not as a separate file, but I can't see what I save....
I'm running Malwarebytes right now. And I'll edit that in as well.

So what are the next steps? I'm not so sure, since I too now belong more to the "surf a lot - know little" faction...

I have read that I might not be able to avoid formatting the hard disk and reinstalling Windows. But if I back up my data beforehand (once I can see it again), isn't there a danger of backing up the Trojan along with my data?!!

Many, many thanks in advance to all the helpers here. As far as I can tell at first glance, you have a great site and offer brilliant and above all lightning-fast help. Many thanks, Hendrik




OTL.Txt

OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 12:04:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Henni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,63 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 21,06 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive E: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HENNI-PC | User Name: Henni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Henni\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\Programme\Java\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Steam\steam.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Henni\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 D8 F5 EE D2 55 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {7B297676-4772-4A94-AAF9-43E89FCB1FD8}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.14 17:08:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 19:43:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 17:49:54 | 000,000,000 | ---D | M]
 
[2009.09.07 17:51:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Henni\AppData\Roaming\mozilla\Extensions
[2011.04.27 02:12:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Henni\AppData\Roaming\mozilla\Firefox\Profiles\5vvkm3ut.default\extensions
[2010.09.13 23:25:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Henni\AppData\Roaming\mozilla\Firefox\Profiles\5vvkm3ut.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.21 10:44:12 | 000,000,873 | -H-- | M] () -- C:\Users\Henni\AppData\Roaming\Mozilla\Firefox\Profiles\5vvkm3ut.default\searchplugins\conduit.xml
[2011.03.25 17:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.14 17:08:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011.03.25 17:49:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2011.04.27 01:52:59 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\HENNI\APPDATA\LOCAL\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}
[2009.06.25 22:21:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.09 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 21:25:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Java\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Kkumopibanov] C:\Users\Henni\AppData\Local\uvupiriq.dll (Andrea Electronics Corporation)
O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Ysefogolog] C:\Users\Henni\AppData\Local\martckb.dll (Voxware, Inc.)
O4 - Startup: C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor.lnk = C:\Programme\802.11g Wireless LAN\Monitor.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Henni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Henni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell - "" = AutoRun
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b90e33c-2a1b-11df-a8e1-002354d9c601}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 09:14:58 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.27 01:52:59 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}
[2011.04.27 01:51:26 | 000,573,440 | ---- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.19 18:34:28 | 000,000,000 | -H-D | C] -- C:\Users\Henni\Desktop\VR
[2011.04.15 15:41:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:41:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:41:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 15:41:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:41:22 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:41:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 15:41:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:41:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:41:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 15:41:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 15:41:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 15:41:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 15:41:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 15:41:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 15:41:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 15:41:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 15:41:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 15:41:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 15:41:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:41:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:41:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:41:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:40:59 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:40:52 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:40:52 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.02 22:54:26 | 000,000,000 | -H-D | C] -- C:\Users\Henni\.smplayer
[2009.08.06 17:25:51 | 000,278,528 | -H-- | C] (Andrea Electronics Corporation) -- C:\Users\Henni\AppData\Local\uvupiriq.dll
[2009.08.06 17:25:51 | 000,122,880 | -H-- | C] (Voxware, Inc.) -- C:\Users\Henni\AppData\Local\martckb.dll
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009.06.04 01:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 12:00:15 | 000,000,120 | -H-- | M] () -- C:\Users\Henni\AppData\Local\Ewepidel.dat
[2011.04.27 12:00:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F0F7E61-F75A-4FBB-AD90-3AD676F3CFAA}.job
[2011.04.27 11:59:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 11:59:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 11:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 11:59:37 | 3488,747,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 10:22:05 | 000,055,300 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 10:22:05 | 000,055,300 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 10:22:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 09:20:06 | 000,000,392 | ---- | M] () -- C:\ProgramData\40754952
[2011.04.27 09:16:22 | 000,000,583 | -H-- | M] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | M] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | M] () -- C:\ProgramData\~40754952r
[2011.04.27 01:53:01 | 000,000,000 | -H-- | M] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
[2011.04.27 01:51:25 | 000,573,440 | ---- | M] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.24 13:29:05 | 000,663,654 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.24 13:29:05 | 000,608,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.24 13:29:05 | 000,138,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.24 13:29:05 | 000,114,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.16 15:49:57 | 000,302,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 14:04:06 | 000,215,454 | -H-- | M] () -- C:\Users\Henni\Desktop\PolVR - Fall 05.04.2011.pdf
[2011.04.03 15:00:01 | 001,074,643 | -H-- | M] () -- C:\Users\Henni\Desktop\Scan_Doc0001.pdf
 
========== Files Created - No Company Name ==========
 
[2011.04.27 09:16:22 | 000,000,583 | -H-- | C] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | C] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\~40754952r
[2011.04.27 09:14:48 | 000,000,392 | ---- | C] () -- C:\ProgramData\40754952
[2011.04.27 01:53:01 | 000,000,120 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Ewepidel.dat
[2011.04.27 01:53:01 | 000,000,000 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
[2011.04.10 14:04:02 | 000,215,454 | -H-- | C] () -- C:\Users\Henni\Desktop\PolVR - Fall 05.04.2011.pdf
[2011.04.03 14:59:54 | 001,074,643 | -H-- | C] () -- C:\Users\Henni\Desktop\Scan_Doc0001.pdf
[2011.01.17 19:46:45 | 000,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2011.01.17 16:40:33 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2011.01.17 16:40:33 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2011.01.17 16:40:33 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2011.01.17 16:40:33 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2011.01.17 16:40:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2011.01.17 16:40:33 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2011.01.17 16:40:33 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2011.01.17 16:40:33 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2011.01.17 16:40:32 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2011.01.17 16:40:32 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2011.01.17 15:41:55 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.11.14 16:59:01 | 000,238,987 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010.11.12 19:37:26 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.02 18:57:21 | 000,239,000 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2010.10.02 18:44:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2010.05.25 21:30:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.11.23 19:53:15 | 000,004,096 | -H-- | C] () -- C:\Users\Henni\AppData\Local\keyfile3.drm
[2009.08.18 08:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009.08.06 17:25:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 17:25:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.06 17:28:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.06.04 01:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009.06.04 01:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009.06.04 01:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009.06.04 01:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009.05.09 10:00:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.26 18:53:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.26 18:08:46 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2009.04.26 18:06:54 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.04.26 18:06:54 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.04.26 17:29:59 | 000,023,040 | -H-- | C] () -- C:\Users\Henni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.26 16:48:33 | 000,003,948 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.04.26 16:46:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.04.26 16:46:26 | 000,027,497 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.04.26 16:44:33 | 000,000,680 | -H-- | C] () -- C:\Users\Henni\AppData\Local\d3d9caps.dat
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 09:15:58 | 000,663,654 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,138,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,302,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,608,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,114,424 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
< End of report >
Extras.Txt - OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 12:04:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Henni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,63 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 21,06 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive E: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HENNI-PC | User Name: Henni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "D:\Programe\Müller Foto\Müller Foto.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B358286-5FC3-415A-93D8-1950C6F9CA7C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24DBC93D-2352-456E-940A-95B7E4F14810}" = rport=139 | protocol=6 | dir=out | app=system | 
"{32C31161-325A-462D-80B6-A20FE6816823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{427EF96E-549F-43A2-888A-6FC80038F4F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{53E2EF8D-FB5E-4C82-91B2-C357852DA1A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{562B0726-A8C8-4579-9814-22A14A4FB55C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59F05DC6-FFFD-469A-84E3-9DBDDC59B3D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6EFA3735-9B71-4171-BFBC-6B64EA7B0710}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{796ACDD5-3291-47C3-9A76-A22FB1FAB3E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7E327737-CE58-4235-B734-AB6357459ABB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A43CA21D-2FBB-4024-B489-E02B6A904C6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A64A50FD-6392-4306-8769-ACC4A43A7CBE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B247B86E-79D9-490C-9E9A-DB0A756FA679}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2B2257C-7301-4C23-8786-0ADB29BAF080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B581CB7F-4CC2-4322-AB37-8D55D129EF5F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C310447F-2DA8-43DA-A00C-3B9664C26032}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D791FD92-7B87-426A-9234-5AA6E3FD2599}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E233C892-0494-4CEA-B85A-65E7179B5AEE}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA1D5-B034-4085-8C3C-EC70566DDC02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BD27DB9-13E0-4187-BCAF-D4BCBB90BFDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B2B4F09-7FC0-46E4-9C9D-AD5C11E1F728}" = protocol=6 | dir=in | app=d:\games\blood bowl\bb.exe | 
"{1B74E3EF-A713-42BE-85C8-6F5064ED482D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1B937263-EAA9-42AB-B1AA-D7192BBFE963}" = protocol=17 | dir=in | app=d:\games\streetfigtheriv\streetfighteriv.exe | 
"{1DC73064-0571-4B6F-BBB6-F2ABCAED36EE}" = protocol=17 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe | 
"{1F9D6C71-32C7-49DF-8C7E-9607D4D087A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{21117E3D-B74D-42A6-BE8E-4E8E8C78E11F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26C31F19-C3D9-45CB-864B-232A06C37CAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{2CDDB5B6-CCCC-4149-8009-48AA7C63EB48}" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"{2D0317AA-ADF3-42F8-9D6F-D02084F6D6E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{2D688BDC-965F-4EA8-BC76-51F8AF796256}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{3685A707-4732-4CDD-A823-036B3A012FD2}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{36F69C87-6D64-4CF3-9013-3F4E44E8E7FC}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3E19FF2B-319B-487D-945C-8E192D14FA9A}" = protocol=6 | dir=in | app=d:\games\demigod\bin\demigod.exe | 
"{3E8EC3B3-8C0D-4097-AF69-88808EB8E699}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic_ds.exe | 
"{43131678-ED73-4C01-8F5F-0E0F267394DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{44DAC478-29C7-4C9B-B205-1E39D3E6AC5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{44F0CA46-AF48-4777-AE30-7921C6F544CC}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{4675AFF4-CBEB-46FB-8903-8AA15F8A70D1}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{52024D7B-4349-4E66-BF76-38A4810F116E}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic_online.exe | 
"{567E9CBA-3897-436A-91B1-300A5F614051}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{59A24865-D230-4361-98B9-CA91211D6615}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{62384A39-C8DF-41BD-A7A6-AEC3BB43EDE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{667C2218-3FAF-4289-B406-C36D68D237C7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\empire total war\empire.exe | 
"{6BDC6DE5-7208-4FE5-AFA0-912DB80FA1FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{6EF7329E-FCD1-4E27-A860-757B9117A518}" = protocol=17 | dir=in | app=d:\games\blood bowl\bb.exe | 
"{76048FB7-6704-4AB9-BCEC-683A95C7B420}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{769520AF-13A2-492E-B1E0-169CF928DB74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{807F4DF8-66EC-4AD8-AB49-4623006A9000}" = protocol=6 | dir=in | app=d:\games\streetfigtheriv\streetfighteriv.exe | 
"{87DA708E-D567-4942-8EE7-BD0FD3C77414}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9A743BB3-2CC7-4D46-97CF-FBB609E81EF0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9D4A23A8-8387-4CB1-8F10-EF1A39966620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A40788B2-FD9A-4DCF-92D5-DD7981A8E47B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4C6A5DD-849C-4C45-9339-9EAFD5ED8B02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B1DE05ED-366A-4784-B431-90216F5B601A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B8124DED-C84D-45A6-B5A1-D140ECF53995}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\empire total war\empire.exe | 
"{C6BA4662-5CD5-4888-82FA-54465957AFA5}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{C777CF3B-D54D-487F-9007-5BF1BAD84E0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{C8944BDD-9D85-445D-9F60-215FA128EFF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC0ED022-6167-42DA-8E7C-0A7323059A1D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D05A4458-E289-4257-8365-D7813DE98CF7}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic_ds.exe | 
"{D0DCA6FB-2BE4-4259-BAF7-2155E70608CB}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic.exe | 
"{D60E203F-C31B-4AAE-9C1F-EAE8FC7ED0A6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"{DD082088-A12A-44CB-BDCE-ECFD163D9B24}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic.exe | 
"{DEAD43F4-B474-482B-8C83-7499243BB2A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E290020B-A063-4C76-A523-80E8ACC50014}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{EA33A8C4-DF16-46BB-872F-79BD807A3D59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{EB6A18DB-CE2F-4A81-9187-E8A13E4FAEE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EC007DD5-2CC1-4414-BC8E-53EC728C6233}" = protocol=6 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe | 
"{F038ECAF-AE49-4475-8D49-E0EC02696DA2}" = protocol=17 | dir=in | app=d:\games\demigod\bin\demigod.exe | 
"{F4EF1410-0920-4E75-A281-47476B8DA9FA}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic_online.exe | 
"{F58508EC-E5E3-419D-B35B-A0CAD91CB841}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"TCP Query User{163E256B-C1B8-4645-B4FB-7610C0915049}D:\games\rome - total war\rometw.exe" = protocol=6 | dir=in | app=d:\games\rome - total war\rometw.exe | 
"TCP Query User{23F4CB37-3335-433E-A5E8-F04218CB2C3E}D:\games\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\games\dead space\dead space.exe | 
"TCP Query User{56548C9A-D0FE-4CFC-A512-2EC86F189C17}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{A8607258-BD4F-4721-8535-8B2D58E4BA52}D:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{EFDB7F42-36B2-472C-A828-0B769347FC7C}D:\games\heroes of might and magic v\bina1\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes of might and magic v\bina1\h5_game.exe | 
"UDP Query User{099E145D-C73F-4C1C-926E-36849D06DDB4}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{0EA2E3C4-97BC-40C5-ABA9-80C3EB310081}D:\games\rome - total war\rometw.exe" = protocol=17 | dir=in | app=d:\games\rome - total war\rometw.exe | 
"UDP Query User{685F94C4-576A-4BBB-9569-FDB5AD079D14}D:\games\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\games\dead space\dead space.exe | 
"UDP Query User{AF847195-0C1C-450B-B105-3BAB33F2CA18}D:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{E41A7057-3344-4A4A-984C-1AE5ACDC6912}D:\games\heroes of might and magic v\bina1\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes of might and magic v\bina1\h5_game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7AC753F9-285B-4D10-99D1-DB809DFC01E9}" = 802.11g Wireless LAN Adapter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B929A084-395B-4886-8474-CC55CF76F17E}" = Mindjet MindManager 8
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Batch PPTX to PPT Converter" = Batch PPTX to PPT Converter
"BloodBowl_is1" = Blood Bowl 1.1.3.3
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"EADM" = EA Download Manager
"Evil Player" = Evil Player v1.31
"Free Studio_is1" = Free Studio version 4.9
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Impulse" = Impulse
"InstallShield_{7AC753F9-285B-4D10-99D1-DB809DFC01E9}" = 802.11g Wireless LAN
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Müller Foto" = Müller Foto
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PDF-XChange 3_is1" = PDF-XChange 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Shop for HP Supplies" = Shop for HP Supplies
"SMPlayer" = SMPlayer 0.6.9
"Steam App 10500" = Empire: Total War
"SysInfo" = Creative Systeminformationen
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2011 03:17:05 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:36:15 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:36:15 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:37:08 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 03:58:03 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:58:03 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:58:18 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 04:19:53 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 04:19:53 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 04:20:11 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.04.2011 19:58:42 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.04.2011 20:07:34 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:15:52 | Computer Name = Henni-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.04.2011 03:16:01 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:17:36 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.04.2011 03:37:09 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:38:37 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.04.2011 03:58:18 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 04:20:11 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 06:00:17 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

And the malware report:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:03:15
mbam-log-2011-04-27 (13-03-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153172
Laufzeit: 5 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 19

Infizierte Speicherprozesse:
c:\programdata\qssbwhakulosdnp.exe (Trojan.FakeAlert) -> 3764 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qSsBwhAkulOsDNp (Trojan.FakeAlert) -> Value: qSsBwhAkulOsDNp -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\qssbwhakulosdnp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\0.2735678170939042.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\0.7336136234008448.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\3CA6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\4v1p7fxr.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup1656241528.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup168982136.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2473031608.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2580969912.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2955183096.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup3159422648.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup4033509176.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\e.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup905086072.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

I just ran it again, since AntiVir is now giving me alerts about another Trojan - TR/Trash.Gen:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:10:28
mbam-log-2011-04-27 (13-10-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152983
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

I just ran it two more times, since AntiVir is now constantly giving me alerts about another Trojan - TR/Trash.Gen. It doesn't seem to be removable, though, because the alert still appears after two runs.


No. 1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:10:28
mbam-log-2011-04-27 (13-10-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152983
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


No. 2

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:18:39
mbam-log-2011-04-27 (13-18-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152861
Laufzeit: 6 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Agent.U) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Agent.U) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Agent.U) -> Quarantined and deleted successfully
