Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Der neuer GVU-Cam-Trojaner in Abwechslung mit Bundespolizei-Trojaner o.O (https://www.trojaner-board.de/118676-neuer-gvu-cam-trojaner-abwechslung-bundespolizei-trojaner-o-o.html)

Stereotypus 06.07.2012 10:23
Der neuer GVU-Cam-Trojaner in Abwechslung mit Bundespolizei-Trojaner o.O
 
Hallo liebe Schutzengel / Feuerwehrmänner,

ich habe gesündigt und mir den (neuen?) GVU-mit-Webcam-Trojaner eingefangen. Wenn ich den PC neu starte erscheint im wechselzu diesem Trojaner auch mal der Bundespolizei-Nerver.

Anbei meine OTL logs aus dem Abgesicherten Modus mit Netzwerk:

OTL.txt
Code:
OTL logfile created on: 06.07.2012 11:04:58 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,42 Gb Available Physical Memory | 85,55% Memory free
8,00 Gb Paging File | 7,45 Gb Available in Paging File | 93,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 1462,85 Gb Free Space | 78,52% Space Free | Partition Type: NTFS
Drive D: | 372,60 Gb Total Space | 150,71 Gb Free Space | 40,45% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                          )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 C8 2F 29 18 40 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/4604bec2c9a584af46d3d92e84db436a/proxy.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Till\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Till\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Till\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Till\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.22 22:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.29 20:56:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 19:48:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.25 17:21:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011.11.29 02:54:09 | 000,000,000 | ---D | M]
 
[2012.06.22 03:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Till\AppData\Roaming\mozilla\Extensions
[2012.06.22 03:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Till\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.07.04 00:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Till\AppData\Roaming\mozilla\Firefox\Profiles\ttsts9d2.default\extensions
[2012.05.23 21:32:43 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Till\AppData\Roaming\mozilla\Firefox\Profiles\ttsts9d2.default\extensions\firefox-support@vworldc.com
[2012.06.18 19:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.22 22:21:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.29 20:56:38 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.07.04 00:51:00 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\TILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TTSTS9D2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.24 21:50:37 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\TILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TTSTS9D2.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012.06.18 19:48:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.18 19:48:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 19:48:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 19:48:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.05 21:30:01 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.06.18 19:48:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 19:48:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 19:48:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.08 00:01:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [sadnuseddkinwvm] C:\ProgramData\sadnused.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Till\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [sadnuseddkinwvm] C:\ProgramData\sadnused.exe ()
O4 - Startup: C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
O4 - Startup: C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B042E560-A487-448D-A1C5-AAA31169DF73}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.17 11:00:04 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autoche)
O34 - HKLM BootExecute: (뮻﷉߾)
O34 - HKLM BootExecute: (ҍ)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 10:55:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Till\Desktop\OTL.exe
[2012.07.05 22:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\dhzvewnicffygam
[2012.07.05 21:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012.07.05 21:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012.07.05 05:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.07.05 05:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.07.04 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Till\Desktop\C2C-Down_The_Road-EP-(28082)-WEB-2012-HHB
[2012.07.03 00:52:41 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012.07.03 00:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Split and Merge
[2012.06.23 18:30:05 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.23 18:30:05 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.23 18:30:05 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.23 18:29:38 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.23 18:29:38 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.23 18:29:38 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.23 18:29:25 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.23 18:29:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.22 03:40:15 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Roaming\WebApps
[2012.06.22 03:37:32 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Roaming\Prism
[2012.06.22 03:37:32 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Local\Prism
[2012.06.22 03:21:25 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Local\RescueTime.com
[2012.06.22 03:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
[2012.06.22 03:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RescueTime
[2012.06.19 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Local\assembly
[2012.06.19 19:56:16 | 000,000,000 | ---D | C] -- C:\Users\Till\.pdfsam
[2012.06.15 14:07:32 | 000,000,000 | ---D | C] -- C:\Users\Till\AppData\Local\Macromedia
[2012.06.14 20:33:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 20:33:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 20:33:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 20:33:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 20:33:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 20:33:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 20:33:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 20:33:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 20:33:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 20:33:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 20:33:03 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 20:33:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 20:33:02 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 13:01:18 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 13:01:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 13:01:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 13:00:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 13:00:46 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 13:00:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 13:00:40 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.06.14 13:00:39 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 13:00:37 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 13:00:36 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.06 11:04:14 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.06 11:04:14 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.06 11:04:14 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.06 11:04:14 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.06 11:04:14 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.06 11:00:02 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.06 11:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.06 11:00:01 | 000,842,598 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.07.06 10:53:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 10:53:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.06 10:52:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.06 10:51:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Till\Desktop\OTL.exe
[2012.07.05 22:08:26 | 000,000,051 | ---- | M] () -- C:\ProgramData\fxzgfwkzktrdska
[2012.07.05 22:08:15 | 000,061,440 | ---- | M] () -- C:\ProgramData\sadnused.exe
[2012.07.05 22:08:15 | 000,061,440 | ---- | M] () -- C:\Users\Till\0.4426449450635008.exe
[2012.07.05 22:05:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243625961-2495783755-753139441-1000UA.job
[2012.07.05 22:02:19 | 000,001,886 | ---- | M] () -- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.05 21:42:23 | 000,002,435 | ---- | M] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012.07.05 05:45:17 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012.07.05 02:05:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243625961-2495783755-753139441-1000Core.job
[2012.07.04 05:26:04 | 234,605,779 | ---- | M] () -- C:\Users\Till\Desktop\Klangkarussell_-_Hitparade.mp3
[2012.07.03 04:07:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.03 04:07:10 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.03 04:07:00 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.01 15:59:50 | 000,002,024 | ---- | M] () -- C:\Users\Till\Documents\Desktop Layout Desktop OK.dok
[2012.06.22 03:56:46 | 000,002,431 | ---- | M] () -- C:\Users\Till\Desktop\RescueTimeApp.lnk
[2012.06.22 03:21:25 | 000,001,078 | ---- | M] () -- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2012.06.15 14:06:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.15 14:06:43 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.15 14:06:01 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 21:19:59 | 000,005,632 | ---- | M] () -- C:\Users\Till\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.05 22:08:26 | 000,061,440 | ---- | C] () -- C:\ProgramData\sadnused.exe
[2012.07.05 22:08:16 | 000,000,051 | ---- | C] () -- C:\ProgramData\fxzgfwkzktrdska
[2012.07.05 22:08:15 | 000,061,440 | ---- | C] () -- C:\Users\Till\0.4426449450635008.exe
[2012.07.05 22:02:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.05 22:02:19 | 000,001,886 | ---- | C] () -- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.05 21:42:23 | 000,002,435 | ---- | C] () -- C:\Users\Public\Desktop\Spec Ops The Line.lnk
[2012.07.05 05:45:17 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012.07.04 03:15:35 | 234,605,779 | ---- | C] () -- C:\Users\Till\Desktop\Klangkarussell_-_Hitparade.mp3
[2012.06.22 03:45:14 | 000,002,431 | ---- | C] () -- C:\Users\Till\Desktop\RescueTimeApp.lnk
[2012.06.22 03:21:25 | 000,001,078 | ---- | C] () -- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.25 19:32:55 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 01:10:28 | 000,944,451 | ---- | C] () -- C:\Users\Till\AppData\Local\census.cache
[2012.01.31 01:10:08 | 000,102,663 | ---- | C] () -- C:\Users\Till\AppData\Local\ars.cache
[2012.01.31 00:58:42 | 000,000,036 | ---- | C] () -- C:\Users\Till\AppData\Local\housecall.guid.cache
[2012.01.18 15:16:17 | 000,004,096 | -H-- | C] () -- C:\Users\Till\AppData\Local\keyfile3.drm
[2012.01.01 22:20:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.01 22:20:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.28 19:11:37 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.28 19:11:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.26 03:52:28 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.11.26 03:52:21 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.11.26 03:52:21 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.11.25 22:05:03 | 000,007,605 | ---- | C] () -- C:\Users\Till\AppData\Local\Resmon.ResmonCfg
[2011.11.25 15:41:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.21 18:59:55 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.07.27 22:52:11 | 000,000,059 | ---- | C] () -- C:\Users\Till\AppData\Roaming\GoodnightTimer.ini
[2011.07.22 23:44:24 | 000,005,632 | ---- | C] () -- C:\Users\Till\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.13 21:18:24 | 000,146,755 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.07.13 21:18:24 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011.07.12 14:44:10 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2011.07.12 14:44:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.07.12 01:19:15 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.07.12 01:13:58 | 000,000,000 | ---- | C] () -- C:\Users\Till\AppData\Roaming\chrtmp
[2011.07.12 01:13:52 | 000,016,384 | ---- | C] () -- C:\Program Files (x86)\explorer.exe
[2011.07.12 00:19:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.20 23:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== LOP Check ==========
 
[2011.11.26 04:44:50 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\.purple
[2012.02.05 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\AeroRainbow
[2011.09.08 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Canneverbe Limited
[2011.07.12 14:31:14 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\DAEMON Tools Lite
[2012.06.26 20:56:44 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Dropbox
[2012.03.06 20:04:28 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Guitar Pro 6
[2011.07.27 22:26:54 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\MineCraftG
[2011.11.27 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Origin
[2012.06.22 03:45:14 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Prism
[2011.12.03 19:22:52 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\PunkBuster
[2012.05.29 21:04:46 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\Swiss Academic Software
[2012.05.10 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\TeamViewer
[2012.02.15 01:45:53 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\ts3overlay
[2012.05.28 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\VOS
[2012.06.22 03:56:46 | 000,000,000 | ---D | M] -- C:\Users\Till\AppData\Roaming\WebApps
[2012.06.27 15:53:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt

Code:
OTL Extras logfile created on: 06.07.2012 11:04:58 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Till\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,42 Gb Available Physical Memory | 85,55% Memory free
8,00 Gb Paging File | 7,45 Gb Available in Paging File | 93,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 1462,85 Gb Free Space | 78,52% Space Free | Partition Type: NTFS
Drive D: | 372,60 Gb Total Space | 150,71 Gb Free Space | 40,45% Space Free | Partition Type: NTFS
 
Computer Name: TILLUTER | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A854EA-3EE3-4721-BC4A-9445DDFED407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{11B942DF-ECD3-4D6C-82C2-5B5412DD9ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{21F28B7F-EBC9-4F2F-A47E-1F3FC5DFD85B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{26C619A9-4078-4126-A88F-08FFA6041B0C}" = protocol=6 | dir=in | app=c:\users\till\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3C9C8DB6-B5C3-47FB-9999-6CA1DE6CDB0A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{400A95F9-2AD7-4340-90FC-EE82314567CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{4680B07E-45E9-423D-966B-146F8E29AAA6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{46D40849-EABB-4C92-9CFD-F827FD5288F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{4D453D63-DDE2-430E-9E24-081C4E4F3615}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{50E3B9FD-61E3-4A3F-8DBC-2FACB376967F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{563C7593-0302-4AE7-B8E7-E4A58F5D71F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{5DC27405-A370-4CC7-84A4-D6AFC0354535}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6ECFB266-CC2B-4B24-9679-EB9F14E995C5}" = protocol=6 | dir=in | app=c:\users\till\appdata\roaming\dropbox\bin\dropbox.exe |
"{7D83361F-5B34-4664-9C4A-654E7A6750A9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7EBE6AE5-A5BA-461E-BA22-6DE91BB3B747}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{822B8299-770D-43C9-B532-EAFCEAED9D75}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{873855DA-DED6-4135-A7FA-7055B27448E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{91FD7171-2DC9-4DAB-962B-1926FFF99A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{9E9A514D-E54E-4219-BD89-A2DC62CF01F3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A6D7D57C-D265-445A-AE7B-81ABEBCAEF30}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A9B85C2C-0628-4736-B4B6-96591259F441}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AFCB2E54-5965-4520-90CC-1025507FF756}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B0948EEC-12DE-44CC-95BC-2BD33A79FD47}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BA614375-F2D3-4D5B-950A-55C8C72A5FAB}" = protocol=17 | dir=in | app=c:\users\till\appdata\roaming\dropbox\bin\dropbox.exe |
"{BDA15794-D887-477D-B92D-7D342A6C1416}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{CD60A006-A1B7-4F72-B73E-DFF9FE400F17}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DED06EED-3317-44F0-89DD-DC44EFA5B7BD}" = protocol=17 | dir=in | app=c:\users\till\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E09016F5-6925-46A7-9F3E-2BD569B53579}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E9248EDD-4B10-47F0-BA9F-303D4186A9D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F461D9DD-E8F2-4141-8A2A-C9FEF3C9C100}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FD0B6F7A-14D7-4B5A-9508-1A397D08CE7B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{09EDFB08-7E3A-459D-9CAC-B102A305342F}C:\program files (x86)\streamtransport\streamtransport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtransport\streamtransport.exe |
"TCP Query User{41894651-FD6B-40E8-8839-D0C24707D1AC}C:\users\till\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\till\appdata\local\akamai\netsession_win.exe |
"TCP Query User{60D84436-21A6-4EF5-AE4C-2E80668A9424}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{814839E4-8026-4E05-90AC-8D3574AF61C2}C:\program files (x86)\scotland yard\bin\win32\scotlandyard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\scotland yard\bin\win32\scotlandyard.exe |
"TCP Query User{84657CA6-8E17-40C2-A0EA-681593B57224}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A19F0870-011F-49F6-8A59-7DE6C4A5A961}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D7BAEB7F-EC55-4532-940B-36B70022C8C1}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{DBECDA07-1CF1-4477-A46E-BCBE54AC5A0A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{E02464C0-0FB2-4733-8AFF-D1BC7B92B64B}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe |
"UDP Query User{0A832A54-64AF-45D7-9324-7FD45A3818B8}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe |
"UDP Query User{1B657192-0941-4C64-BE20-6711D8A86ABD}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{6FB88EA4-F2A5-48BC-A0F8-4E4D5023752A}C:\program files (x86)\streamtransport\streamtransport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtransport\streamtransport.exe |
"UDP Query User{8F901E3B-4DFF-40D8-8B7C-86345AF7ED98}C:\program files (x86)\scotland yard\bin\win32\scotlandyard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\scotland yard\bin\win32\scotlandyard.exe |
"UDP Query User{B7F09B1D-FDF6-490A-8F0B-48D650A6926F}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{CA5ADC72-EEF2-4458-A96A-48D8137AF5DA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{D321DE37-A708-4174-A2C8-F31B0BEA6A95}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D7C54E08-8B13-450D-9073-DF6385B9211E}C:\users\till\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\till\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E76AA8C1-4731-48FF-9515-05D2879BBF90}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D088FD6-67B8-4186-947C-5FB4CC7227B5}" = O&O Defrag Professional
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{118B9B3E-F425-4A11-B640-1C743DD10128}" = Puerto Rico
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.5.1
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{32A0F29D-1F09-41D6-9EAD-EA6512F4BC5A}_is1" = Deus Ex - Human Revolution DELUXE EDITION
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1" = Call of Duty Modern Warfare 3 version 1.0
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"A3D Output Plug-In (WinAmp)" = A3D Output Plug-In (WinAmp)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AeroRainbow" = AeroRainbow
"Afterburner" = MSI Afterburner 2.1.0
"AndrewLabs ATSurround for Winamp" = AndrewLabs ATSurround for Winamp
"Audacity_is1" = Audacity 1.2.6
"Battlelog Web Plugins" = Battlelog Web Plugins
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CD Bremse_is1" = CD Bremse 1.49
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EasyBCD" = EasyBCD 2.1
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Picasa 3" = Picasa 3
"Pro Pinball : Big Race USA" = Pro Pinball : Big Race USA
"Pro Pinball : Fantastic Journey" = Pro Pinball : Fantastic Journey
"Pro Pinball : Timeshock!" = Pro Pinball : Timeshock!
"PunkBusterSvc" = PunkBuster Services
"Saints Row The Third_is1" = Saints Row The Third
"Spec Ops The Line_is1" = Spec Ops The Line
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Virtuoso" = Slab DSP - Virtuoso v1.0 (remove only)
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = RoboForm 7-6-4
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2012 09:43:02 | Computer Name = Tilluter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f8d931e  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000ab18  ID des fehlerhaften Prozesses:
 0x7ac  Startzeit der fehlerhaften Anwendung: 0x01cd3b3f01573fb0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: b6181bd0-a738-11e1-91e3-915cb8ac2230
 
Error - 09.06.2012 19:05:15 | Computer Name = Tilluter | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.3.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 864    Startzeit:
01cd468cfbd79db0    Endzeit: 943    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID: 
 
Error - 10.06.2012 12:21:04 | Computer Name = Tilluter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0,
Zeitstempel: 0x4bc2f466  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00042615  ID des fehlerhaften
 Prozesses: 0x5dc  Startzeit der fehlerhaften Anwendung: 0x01cd4715ed3047b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 45e33250-b318-11e1-bd33-001d604a9630
 
Error - 10.06.2012 12:46:03 | Computer Name = Tilluter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0,
Zeitstempel: 0x4bc2f466  Name des fehlerhaften Moduls: GuitarPro.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bc2f466  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001f3612  ID des fehlerhaften
 Prozesses: 0x894  Startzeit der fehlerhaften Anwendung: 0x01cd47250a5ecf00  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe  Berichtskennung:
 c35ebbc0-b31b-11e1-bd33-001d604a9630
 
Error - 17.06.2012 07:34:59 | Computer Name = Tilluter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c9db  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000003e315
ID
 des fehlerhaften Prozesses: 0x818  Startzeit der fehlerhaften Anwendung: 0x01cd4c77cc5fa5a0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 781e7d1c-b870-11e1-8308-001d604a9630
 
Error - 30.06.2012 09:12:14 | Computer Name = Tilluter | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: atiumdva.dll,
 Version: 8.14.10.355, Zeitstempel: 0x4f7e456d  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0011134e  ID des fehlerhaften Prozesses: 0xb0c  Startzeit der fehlerhaften Anwendung:
 0x01cd56bd427de130  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\atiumdva.dll  Berichtskennung: 351a9c18-c2b5-11e1-8d76-b1dae99b9628
 
Error - 05.07.2012 14:43:28 | Computer Name = Tilluter | Source = Application Hang | ID = 1002
Description = Programm saintsrowthethird_dx11.exe, Version 1.0.0.1 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: de4    Startzeit: 01cd5ad020cce240    Endzeit: 900    Anwendungspfad:
 C:\Program Files (x86)\THQ\Saints Row The Third\saintsrowthethird_dx11.exe    Berichts-ID:
 
 
Error - 05.07.2012 16:03:50 | Computer Name = Tilluter | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 5b8    Startzeit:
01cd5ae535762430    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 87f2bad1-c6dc-11e1-a964-d2dd59e22615 
 
Error - 06.07.2012 05:01:49 | Computer Name = Tilluter | Source = PerfNet | ID = 2004
Description =
 
Error - 06.07.2012 05:03:52 | Computer Name = Tilluter | Source = PerfNet | ID = 2004
Description =
 
[ System Events ]
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%31
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%31
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 02.02.2012 11:03:45 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  AFD  AsIO  AsUpIO  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt  Wanarpv6
WfpLwf
 
Error - 14.02.2012 09:34:05 | Computer Name = Tilluter | Source = DCOM | ID = 10010
Description =
 
Error - 18.02.2012 15:29:16 | Computer Name = Tilluter | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:  %%-2147467243
 
 
< End of report >

Tausend Dank!
Stereotypus

cosinus 11.07.2012 15:51
Zitat:
Boot Mode: SafeMode with Networking |
Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Stereotypus 13.07.2012 03:01
Hallo Arne,
vielen Dank für die Antwort. Ich habe den Thread vor einer Woche gestartet, mittlerweile bin ich leider im Urlaub. Der PC steht zu Hause, das Problem ist weiterhin da. Bitte mich nicht aus der Beobachtungsliste schmeißen, ich melde mich definitiv am 19.7 mit den Logs!

Liebe Grüße und bis dann,
Stereo

Stereotypus 19.07.2012 23:40
Hier mit 39-minütiger Verspätung die logs:

malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.12

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Till :: TILLUTER [Administrator]

19.07.2012 20:36:28
mbam-log-2012-07-19 (20-36-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395004
Laufzeit: 1 Stunde(n), 2 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\explorer.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Till\AppData\Local\Temp\0.7084645821329666.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Till\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1816ccb7-3fcfeb81 (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Till\AppData\Roaming\MineCraftG\mine.exe (Trojan.P2P.Worm) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f275f6525ac4044aade068ab04ec8e3e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 04:27:50
# local_time=2012-07-06 06:27:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 266848 93213911 0 0
# compatibility_mode=8192 67108863 100 0 108 108 0 0
# scanned=372616
# found=12
# cleaned=0
# scan_time=8008
C:\ProgramData\sadnused.exe        a variant of Win32/Kryptik.AHXY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\sadnused.exe        a variant of Win32/Kryptik.AHXY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\0.4426449450635008.exe        a variant of Win32/Kryptik.AHXY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\Local\Temp\0.7084645821329666.exe        a variant of Win32/Kryptik.ZYW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\Local\Temp\0_0u_l.exe        Win32/Reveton.H trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\57e8fcf-78ce3bb9        probably a variant of Java/Exploit.CVE-2012-0507.CP trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6e9f4719-67089fd7        a variant of Java/Exploit.CVE-2011-3544.AO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5ee1b6ab-4bb789e4        Java/Agent.DW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1816ccb7-3fcfeb81        a variant of Win32/Kryptik.ZYW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\Roaming\MineCraftG\mine.exe        Win32/PSW.Delf.NYZ trojan (unable to clean)        00000000000000000000000000000000        I
D:\Dokumente und Einstellungen\Till\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\101659d0-35f27bfb        probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (unable to clean)        00000000000000000000000000000000        I
D:\Dokumente und Einstellungen\Till\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\44e4ef72-582da2a0        probably a variant of Java/TrojanDownloader.Agent.AB trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f275f6525ac4044aade068ab04ec8e3e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-19 10:07:17
# local_time=2012-07-20 12:07:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 1410536 94357599 0 0
# compatibility_mode=8192 67108863 100 0 1143796 1143796 0 0
# scanned=374635
# found=8
# cleaned=0
# scan_time=7888
C:\ProgramData\sadnused.exe        a variant of Win32/Kryptik.AHXY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\sadnused.exe        a variant of Win32/Kryptik.AHXY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\Local\Mozilla\Firefox\Profiles\ttsts9d2.default\Cache\7\65\D7591d01        JS/Kryptik.RK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\57e8fcf-78ce3bb9        Java/Exploit.CVE-2012-0507.CU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6e9f4719-67089fd7        a variant of Java/Exploit.CVE-2011-3544.AO trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5ee1b6ab-4bb789e4        Java/Agent.DW trojan (unable to clean)        00000000000000000000000000000000        I
D:\Dokumente und Einstellungen\Till\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\101659d0-35f27bfb        probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (unable to clean)        00000000000000000000000000000000        I
D:\Dokumente und Einstellungen\Till\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\44e4ef72-582da2a0        probably a variant of Java/TrojanDownloader.Agent.AB trojan (unable to clean)        00000000000000000000000000000000        I
Danke!
Stereo

cosinus 20.07.2012 14:32
Zitat:
C:\Users\Till\AppData\Roaming\MineCraftG\mine.exe (Trojan.P2P.Worm)
Aus welcher Quelle stammt diese mine.exe?

Stereotypus 20.07.2012 15:04
Ich kann es nicht genau sagen. Ich spiele kein Minecraft, und besitze auch keine P2P-Software oder Torrent. Habe gerade nachgeguckt, bis auf in dem AppData-Ordener habe ich auf meinem PC auch nichts, was mit Minecraft in Verbindung steht.
Ich weiß allerdings, das vor mehr als einem Jahr (!) ein Freund bei mir mit einer Minecraft-CD vorbeikam um mir das Spiel vorzustellen. Es gefiel mir nicht, habe es dann wieder deinstalliert. Aber ich glaube dass war gar nicht mehr auf diesem Betriebssystem, sondern auf meinem vorherigen...

Danke!
Stereo

EDIT:

Hab mal recherchiert:

myGully.com - Einzelnen Beitrag anzeigen - Minecraft Beta 1.7.2 +Server 1.7.2 Update 02.07.11
Zitat:
Hm. Seltsam. Anstatt das Spiel zu starten setzt einem die .exe aus dem Ordner der einem jetzt hier angeboten wird nur einen Ordner namens "MineCraftG" in den Roaming Ordner und dieser Ordner wiederrum enthält eine einzige Datei namens "mine.exe" welche als ich sie verwenden wollte einfach mal nichts getan hat. Hat wer ähnliche erfahrungen damit gemacht?
Okay, damit ist die Sache eindeutig. das war die CD vom Kumpel. Ärgerlich, ich hielt ihn eigentlich für deutlich versierter und er hat mir auch versichert, es wäre eine offizielle Beta-Version. Hatte vorher noch nie von Minecraft gehört...

cosinus 21.07.2012 13:19
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Stereotypus 21.07.2012 13:26
Nein, der normale Modus geht noch nicht wieder, auch nicht bei gekappter inetverbindung.
Im abgesicherten Modus sieht das startmenu soweit i.o. aus.

cosinus 23.07.2012 13:36
Zitat:
Hab mal recherchiert:

myGully.com - Einzelnen Beitrag anzeigen - Minecraft Beta 1.7.2 +Server 1.7.2 Update 02.07.11
Angesichert dieser Tatsache würde ich dir eine Neuinstallation empfehlen.
Gully ist bekannt für gecrackte Software! :pfui:


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131