Trojaner-Board - TR/Crypt.XPACK.Gen3

Hallo,

ich habe mir auch diesen Mist eingefangen!!!
Hilfe!

Logs:

OTL.txt
OTL EXTRAS Logfile:

Code:

OTL logfile created on: 12.10.2010 18:14:00 - Run 1

OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\Sascha\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 117,19 Gb Total Space | 38,26 Gb Free Space | 32,65% Space Free | Partition Type: NTFS

Drive D: | 292,97 Gb Total Space | 230,76 Gb Free Space | 78,77% Space Free | Partition Type: NTFS

Drive E: | 465,65 Gb Total Space | 139,04 Gb Free Space | 29,86% Space Free | Partition Type: FAT32

Drive Z: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sascha\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Sascha\AppData\Local\Temp\dfrgsnapnt.exe ()

PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

PRC - C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)

PRC - C:\Program Files\D-Link\DWA-547 revA\wirelesscm.exe (D-Link Corp.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Sascha\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (jswpsapi) -- C:\Program Files\D-Link\DWA-547 revA\jswpsapi.exe (Atheros Communications, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (PCANDIS5) -- C:\Windows\System32\PCANDIS5.SYS File not found

DRV - (odysseyIM3) -- C:\Windows\System32\DRIVERS\odysseyIM3.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)

DRV - (rt61x86) -- C:\Windows\System32\drivers\WMP54Gv41x86.sys (Ralink Technology Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

DRV - (TNET1130) -- C:\Windows\System32\drivers\GPlus.sys ()

DRV - (hp4200c) -- C:\Windows\System32\drivers\hp4200c.sys (Hewlett-Packard)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {B013C95F-0ECE-4C67-A63C-7EAB8826C18D}:1.9.1

 

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.27 20:38:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.24 20:27:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.24 11:10:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.22 15:57:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.24 20:27:34 | 000,000,000 | ---D | M]

 

[2010.04.11 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions

[2010.04.11 13:44:52 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2010.10.11 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\sx7yw0cp.default\extensions

[2010.04.27 18:12:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\sx7yw0cp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.26 17:07:24 | 000,000,950 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\sx7yw0cp.default\searchplugins\icqplugin-1.xml

[2010.02.22 19:54:21 | 000,000,168 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\sx7yw0cp.default\searchplugins\icqplugin.gif

[2010.02.22 19:54:21 | 000,000,618 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\sx7yw0cp.default\searchplugins\icqplugin.src

[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\sx7yw0cp.default\searchplugins\icqplugin.xml

[2010.10.05 20:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010.03.13 16:48:35 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.03.13 16:48:36 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.03.13 16:48:36 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.03.13 16:48:36 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.03.13 16:48:36 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.12.31 02:43:59 | 000,001,455 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1 2O7.net

O1 - Hosts: 127.0.0.1 192.168.112.2O7.net

O1 - Hosts: 127.0.0.1 im.adtech.de

O1 - Hosts: 127.0.0.1 adserver.adtech.de

O1 - Hosts: 127.0.0.1 adtech.de

O1 - Hosts: 127.0.0.1 atwola.com

O1 - Hosts: 127.0.0.1 adserver.71i.de

O1 - Hosts: 127.0.0.1 adicqserver.71i.de

O1 - Hosts: 2 more lines...

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [hplampc] C:\Windows\System32\hplampc.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: []  File not found

O4 - HKCU..\Run: [dfrgsnapnt.exe] C:\Users\Sascha\AppData\Local\Temp\dfrgsnapnt.exe ()

O4 - HKCU..\Run: [Lhilivano] C:\Users\Sascha\AppData\Local\udoyubaderoteg.DLL (CyberLink Corp.)

O4 - HKCU..\Run: [Nniluvupoqoxevu] C:\Users\Sascha\AppData\Local\dbacod1.DLL (trbarry@trbarry.com)

O4 - HKCU..\Run: [poihshhshs.exe] C:\poihshhshs.exe\poihshhshs.exe (G Data Software AG)

O4 - Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: Free YouTube Download - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.10.07 20:36:50 | 000,000,043 | R--- | M] () - Z:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{28ab29da-a93a-11de-ab15-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{28ab29da-a93a-11de-ab15-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\Setup.exe -- [2009.10.09 02:00:30 | 000,345,360 | R--- | M] (Valve Corporation)

O33 - MountPoints2\{363c1ded-c193-11de-af40-001a4f9fa71f}\Shell\AutoRun\command - "" = kikvko.exe

O33 - MountPoints2\{363c1ded-c193-11de-af40-001a4f9fa71f}\Shell\explore\Command - "" = kikvko.exe

O33 - MountPoints2\{363c1ded-c193-11de-af40-001a4f9fa71f}\Shell\open\Command - "" = kikvko.exe

O33 - MountPoints2\{9081fa02-4d44-11df-809b-00261891040b}\Shell\AutoRun\command - "" = F:\kikvko.exe -- File not found

O33 - MountPoints2\{9081fa02-4d44-11df-809b-00261891040b}\Shell\explore\Command - "" = F:\kikvko.exe -- File not found

O33 - MountPoints2\{9081fa02-4d44-11df-809b-00261891040b}\Shell\open\Command - "" = F:\kikvko.exe -- File not found

O33 - MountPoints2\{9f072f0b-4556-11df-9ac7-00261891040b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found

O33 - MountPoints2\{a4cacd80-add9-11de-a594-001a4f9fa71f}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found

O33 - MountPoints2\{c05c803f-a93d-11de-91b0-00261891040b}\Shell - "" = AutoRun

O33 - MountPoints2\{c05c803f-a93d-11de-91b0-00261891040b}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.10.11 20:28:31 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{B013C95F-0ECE-4C67-A63C-7EAB8826C18D}

[2010.10.11 20:25:36 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\DBControl

[2010.10.05 20:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader

[2010.10.05 20:52:16 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010.10.05 20:52:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010.10.05 20:52:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010.09.29 18:00:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010.09.26 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\4Tunes HP

[2010.09.26 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Explorer

[2010.09.23 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\Xara

[2010.09.23 19:05:20 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\MAGIX

[2010.09.23 19:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX

[2010.09.23 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\Magix Web Designer 6 + CONTENT & Crack

[2010.09.23 19:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010.09.23 18:39:15 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry

[2010.09.23 18:38:01 | 000,000,000 | -H-D | C] -- C:\Users\Sascha\InstallAnywhere

[2010.09.19 13:21:15 | 000,669,184 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\ipeistor11.dll

[2010.09.19 13:21:15 | 000,350,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn70n.dll

[2010.09.19 13:21:15 | 000,324,096 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\ipebase11.dll

[2010.09.19 13:21:15 | 000,224,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP70n.DLL

[2010.09.19 13:21:15 | 000,111,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpng70n.dll

[2010.09.19 13:21:15 | 000,093,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif70n.dll

[2010.09.19 13:21:15 | 000,066,560 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\ipeapi11.dll

[2010.09.19 13:21:15 | 000,055,808 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax70n.dll

[2010.09.19 13:21:15 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil70n.DLL

[2010.09.19 13:21:15 | 000,040,448 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hplampc.exe

[2010.09.19 13:21:15 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffpx70n.dll

[2010.09.19 13:21:15 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif70n.dll

[2010.09.19 13:21:15 | 000,032,768 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpsjrreg.exe

[2010.09.19 13:21:15 | 000,025,524 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpsctrlc.cpl

[2010.09.19 13:21:15 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx70n.dll

[2010.09.19 13:21:15 | 000,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp70n.dll

[2010.09.19 13:21:15 | 000,014,336 | ---- | C] (Hewlett-Packard, GHC) -- C:\Windows\System32\reg32.dll

[2010.09.19 13:21:15 | 000,009,312 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\drivers\hp4200c.sys

[2010.09.19 13:21:14 | 000,000,000 | ---D | C] -- C:\SCANJET

[2010.09.15 15:58:11 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[2009.09.28 12:39:52 | 000,199,168 | ---- | C] (CyberLink Corp.) -- C:\Users\Sascha\AppData\Local\udoyubaderoteg.dll

[2009.09.28 12:39:52 | 000,078,848 | ---- | C] (trbarry@trbarry.com) -- C:\Users\Sascha\AppData\Local\dbacod1.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.12 18:10:17 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.10.12 18:10:16 | 000,632,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.10.12 18:10:16 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.10.12 18:10:16 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.10.12 18:04:22 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.10.12 18:04:22 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.10.12 18:04:19 | 000,000,120 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Uvifomipusovo.dat

[2010.10.12 18:04:18 | 000,000,000 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Dzimuto.bin

[2010.10.12 18:03:28 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.10.12 18:03:28 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.10.12 18:03:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.10.12 18:03:12 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys

[2010.10.05 22:23:04 | 000,002,597 | ---- | M] () -- C:\Users\Sascha\Desktop\Word 2003.lnk

[2010.10.05 20:59:38 | 000,000,764 | ---- | M] () -- C:\Users\Sascha\Desktop\CCleaner.lnk

[2010.10.05 20:56:47 | 000,000,104 | ---- | M] () -- C:\Users\Sascha\Desktop\Computer - Verknüpfung.lnk

[2010.10.05 20:52:39 | 000,000,790 | ---- | M] () -- C:\Users\Sascha\Desktop\JDownloader.lnk

[2010.10.05 20:52:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010.10.05 20:52:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010.10.05 20:52:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010.10.05 20:52:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010.10.03 05:05:30 | 000,096,670 | ---- | M] () -- C:\Users\Sascha\Desktop\stuecke.jpg

[2010.10.03 04:22:29 | 000,024,064 | ---- | M] () -- C:\Users\Sascha\Documents\http.doc

[2010.09.29 18:01:16 | 000,000,992 | ---- | M] () -- C:\Users\Sascha\Desktop\DVDVideoSoft Free Studio.lnk

[2010.09.28 22:46:42 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010.09.28 22:46:33 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2010.09.27 22:55:49 | 000,024,064 | ---- | M] () -- C:\Users\Sascha\Desktop\http.doc

[2010.09.26 23:29:19 | 000,257,871 | ---- | M] () -- C:\Users\Sascha\Desktop\harlekindez2009-13.jpg

[2010.09.26 15:16:47 | 000,164,545 | ---- | M] () -- C:\Users\Sascha\Desktop\02_AkkordeEinsteiger.pdf

[2010.09.26 15:12:21 | 000,000,807 | ---- | M] () -- C:\Users\Sascha\Desktop\Guitar Explorer.lnk

[2010.09.24 15:25:03 | 002,200,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.09.23 19:05:18 | 000,000,487 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6 Download-Version.lnk

[2010.09.23 18:40:03 | 000,000,709 | ---- | M] () -- C:\Users\Sascha\Desktop\Xpage Internet Studio 6 Special Edition.lnk

[2010.09.19 14:36:52 | 000,253,267 | ---- | M] () -- C:\Users\Sascha\Desktop\Altersverifikation.jpg

[2010.09.19 14:17:30 | 000,039,508 | ---- | M] () -- C:\Users\Sascha\Desktop\Perso_rückseite.JPG

[2010.09.19 14:15:52 | 000,053,147 | ---- | M] () -- C:\Users\Sascha\Desktop\Perso_vorderseite.JPG

[2010.09.19 13:21:18 | 000,001,480 | ---- | M] () -- C:\Windows\AUTOLNCH.REG

[2010.09.19 13:21:17 | 000,014,952 | ---- | M] () -- C:\Windows\HPSETUP.INI

[2010.09.19 13:16:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010.09.19 13:16:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

 
 ========== Files Created - No Company Name ==========

 

[2010.10.11 20:28:32 | 000,000,120 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Uvifomipusovo.dat

[2010.10.11 20:28:32 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Dzimuto.bin

[2010.10.11 20:25:36 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\AppData\Local\googleupdate.log

[2010.10.05 20:56:47 | 000,000,104 | ---- | C] () -- C:\Users\Sascha\Desktop\Computer - Verknüpfung.lnk

[2010.10.05 20:52:39 | 000,000,790 | ---- | C] () -- C:\Users\Sascha\Desktop\JDownloader.lnk

[2010.10.03 05:05:29 | 000,096,670 | ---- | C] () -- C:\Users\Sascha\Desktop\stuecke.jpg

[2010.10.03 04:22:28 | 000,024,064 | ---- | C] () -- C:\Users\Sascha\Documents\http.doc

[2010.09.27 22:48:57 | 000,024,064 | ---- | C] () -- C:\Users\Sascha\Desktop\http.doc

[2010.09.26 23:29:18 | 000,257,871 | ---- | C] () -- C:\Users\Sascha\Desktop\harlekindez2009-13.jpg

[2010.09.26 15:16:47 | 000,164,545 | ---- | C] () -- C:\Users\Sascha\Desktop\02_AkkordeEinsteiger.pdf

[2010.09.26 15:12:21 | 000,000,807 | ---- | C] () -- C:\Users\Sascha\Desktop\Guitar Explorer.lnk

[2010.09.23 19:05:18 | 000,000,487 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 6 Download-Version.lnk

[2010.09.23 18:40:03 | 000,000,709 | ---- | C] () -- C:\Users\Sascha\Desktop\Xpage Internet Studio 6 Special Edition.lnk

[2010.09.19 14:22:40 | 000,253,267 | ---- | C] () -- C:\Users\Sascha\Desktop\Altersverifikation.jpg

[2010.09.19 14:22:40 | 000,053,147 | ---- | C] () -- C:\Users\Sascha\Desktop\Perso_vorderseite.JPG

[2010.09.19 14:22:40 | 000,039,508 | ---- | C] () -- C:\Users\Sascha\Desktop\Perso_rückseite.JPG

[2010.09.19 13:21:18 | 000,001,480 | ---- | C] () -- C:\Windows\AUTOLNCH.REG

[2010.09.19 13:21:15 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll

[2010.09.19 13:21:15 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll

[2010.09.19 13:20:58 | 000,014,952 | ---- | C] () -- C:\Windows\HPSETUP.INI

[2010.09.19 13:16:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010.09.19 13:16:42 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010.09.13 15:16:19 | 000,846,336 | ---- | C] () -- C:\Users\Sascha\Desktop\pbsetup.exe

[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010.03.15 19:32:30 | 000,000,254 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010.02.08 23:44:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2010.01.25 20:48:21 | 000,283,392 | ---- | C] () -- C:\Windows\System32\drivers\GPlus.sys

[2009.12.30 23:47:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2009.12.05 19:38:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009.11.14 13:00:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.09.30 18:04:12 | 000,124,416 | ---- | C] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.30 18:01:59 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2009.09.30 16:11:58 | 000,000,824 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009.09.28 12:39:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.25 14:45:26 | 000,138,056 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\PnkBstrK.sys

[2009.09.25 14:45:26 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009.09.25 14:45:07 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

[2009.09.25 14:22:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.09.24 21:00:42 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009.09.24 20:59:45 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2009.09.24 20:59:41 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini

[2009.09.24 20:59:38 | 000,028,191 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2009.09.24 20:59:38 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2009.09.24 20:55:26 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.09.24 20:55:26 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.09.24 20:51:08 | 000,000,680 | ---- | C] () -- C:\Users\Sascha\AppData\Local\d3d9caps.dat

[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

 
 ========== Files - Unicode (All) ==========

[2009.12.16 23:35:44 | 000,000,000 | ---D | M](C:\Users\Sascha\AppData\Roaming\???????sAppData) -- C:\Users\Sascha\AppData\Roaming\敎潲䍄敔灭慬整sAppData

[2009.12.16 23:35:44 | 000,000,000 | ---D | M](C:\Users\Sascha\AppData\Roaming\???????sAppData) -- C:\Users\Sascha\AppData\Roaming\敎潲䍄敔灭慬整sAppData

(C:\Users\Sascha\AppData\Roaming\???????sAppData) -- C:\Users\Sascha\AppData\Roaming\敎潲䍄敔灭慬整sAppData
 

< End of report >

--- --- ---

Extras.txt

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 12.10.2010 18:14:00 - Run 1

OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\Sascha\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 117,19 Gb Total Space | 38,26 Gb Free Space | 32,65% Space Free | Partition Type: NTFS

Drive D: | 292,97 Gb Total Space | 230,76 Gb Free Space | 78,77% Space Free | Partition Type: NTFS

Drive E: | 465,65 Gb Total Space | 139,04 Gb Free Space | 29,86% Space Free | Partition Type: FAT32

Drive Z: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0411ABD8-FD01-4BC0-873D-8785192BC2B5}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\fc2editor.exe | 

"{0552BF2A-26A2-4639-9090-B12AD4D283D4}" = protocol=6 | dir=in | app=d:\games\battlefield 2\bf2.exe | 

"{0554BBD1-A325-4079-B33D-A2B0CDC2EADB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{089CE419-B559-4AD6-8D81-FB22893C329C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 

"{0BC79075-32F6-4D11-A406-BB27CFBDF97D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{1402CEB6-509C-49C8-A1CF-D9E1FC2C868B}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 

"{14CD8DA5-5992-4527-B742-3351B98285FD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{15882BC1-B64A-4C59-93ED-678BC27ACA16}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{1FF62AC0-2146-42C7-B300-2452349D1A41}" = protocol=17 | dir=in | app=d:\games\ventrilo\ventrilo.exe | 

"{239DFE66-B813-40EB-AC90-0D1FDAC6073E}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\fc2launcher.exe | 

"{283897EB-05FD-46ED-9140-9E2E8CC7820A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"{2B4FDABC-193C-4447-A63F-BB7483238F71}" = protocol=6 | dir=in | app=d:\games\ventrilo\ventrilo.exe | 

"{2EBF6DF4-5260-4ACE-9672-0822E3D77FCA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 

"{3106A56A-8B2B-4394-8EA3-B7A9798BFF66}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{325B8CC0-1F4A-4F79-AA0C-D0668E261CD6}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 

"{389323DC-82FC-4D65-83D6-3FB373B1DC5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{4608BC99-4976-4E18-BD78-CA2C13B61960}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{4816AD6C-D81E-45F5-8B77-8CDF209E46F5}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 

"{52B4853B-BB5C-4B65-ACCB-079A4C30CDA5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{5432636F-A4C9-4427-B07A-DD64BD61E9B5}" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 

"{56A49999-EB6F-48E4-871B-874CA8C2931C}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 

"{57493259-4157-4CFF-82F8-4658CEC0A77E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{57AE3675-FEC4-419A-BC8D-9813B3C34A54}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{589B9626-6B2F-4C73-9A21-B99D30AEC73B}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\fc2launcher.exe | 

"{5AA4F596-5910-4B36-89C4-5CD322CFBF15}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 

"{6088E39D-A9ED-4AAC-A841-D52B7FF72BB0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"{71EA4A8E-2421-479F-A870-5262DD3D467E}" = protocol=6 | dir=in | app=d:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | 

"{72CCD8B8-7FB7-49BC-8DC8-89E3D442A26F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{738901B0-0F43-4E3C-971F-AFE50932FB9C}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 

"{7A8E103F-1437-40B9-963C-3AC0DA24BF55}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{7FD90C43-694A-4253-9403-C5B87B0D2172}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 

"{8119AD5F-EB6F-49BB-8289-6B23B867E974}" = protocol=17 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe | 

"{814B751E-2145-4370-88DA-9602F33638A5}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\fc2editor.exe | 

"{89222A0A-1446-4D59-88BD-235EF892DFD3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{8FE14C5B-78C2-4B55-9F1D-7231552D2897}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{93A3201F-B6FA-4AB3-B131-F7CE1AFEE1B8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"{945D4E6E-B30C-41DA-8D33-9A19E5166AD4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{952537EA-B1A1-4070-8880-5E311EB79B04}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 

"{9A85AC1B-B68F-4BD0-851C-C83310AD0DA0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{A79EA109-EE22-463A-9A6D-52913F6A4714}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"{A905B871-1580-49FB-8F89-279D3587F8D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{ADDABE20-66FA-4316-82E8-3DD514A180BA}" = protocol=6 | dir=in | app=d:\games\battlefield 2\bf2.exe | 

"{B246D0F7-B148-4019-8540-005B399C990E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{B858A9EC-CD8F-4C2E-844D-619043D4C140}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 

"{B8C4D8AD-41B9-4032-A365-9524C667F2A1}" = protocol=6 | dir=in | app=d:\games\far cry 2\bin\farcry2.exe | 

"{BB214E50-B739-4D72-93E0-129C83B4AB87}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 

"{BFDB845F-3344-4A75-B1D6-1D0DD947F653}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{CA71E7EB-CECB-4ECC-8663-3F29735B9641}" = protocol=17 | dir=in | app=d:\games\batman arkham asylum\binaries\shippingpc-bmgame.exe | 

"{D5843364-DF03-4AD6-A603-2936FC3B4AC9}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{D8E5CCD2-7635-43C2-8D06-4C9DCB17A0F9}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{DC9AE804-9A42-4875-BBA0-7B77458F46A8}" = protocol=17 | dir=in | app=d:\games\battlefield 2\bf2.exe | 

"{E14F9A82-0EB0-40D4-BFF0-76AB66C9C963}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{E20C64E9-16AB-4F46-9BC7-08DB4D8FCEE7}" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 

"{E38DB545-3708-4DF8-9DBA-A3D971A73B6F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 

"{E649F177-223D-4953-A18E-E952A6A4BA8B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{EC88690E-5F97-4446-8C99-A114ED75A7C9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{EE7E6D66-B574-4646-95F1-6E9AE1E2030F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{F05F70DA-E073-48D3-A6B6-1BC9FC30A9A0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 

"{F137ECEB-C614-432F-86E5-8E64A9662831}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{F22D4951-2EA2-47A6-8F33-CC6ABBB2F90A}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 

"{F2F9A031-2A51-4B08-B246-684B18C3902B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{F37F6655-D54C-4159-87D2-A6989F2500A2}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{F8CFF3B1-85DA-4562-A582-7FA0F235C474}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{FE24BB20-1768-4974-B23E-1C5F6F15EFA2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 

"{FE258A41-252D-4DCB-B3B8-F88F26E0CDCD}" = protocol=17 | dir=in | app=d:\games\battlefield 2\bf2.exe | 

"TCP Query User{076B81EF-B8D2-4901-8941-404EC25E1F7D}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"TCP Query User{2C9CFADA-32E7-4FB1-8A08-698011B09863}D:\software\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\software\jre\bin\javaw.exe | 

"TCP Query User{2D23F686-FF1B-4F24-8C35-67F7E4B8698D}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 

"TCP Query User{4C8E9B25-4C99-410D-A86A-5D78DF9C6CA7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 

"TCP Query User{666077AA-E6B8-4DC3-8736-9637BE054B78}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 

"TCP Query User{7DD582B2-0B9B-4333-B112-AFBDA1028470}C:\program files\activision\call of duty - world at war\codwawmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 

"TCP Query User{853BD3F1-12BC-44C0-B994-AF040122A3FF}D:\games\steam\steamapps\jcvanhorn\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\jcvanhorn\day of defeat source\hl2.exe | 

"TCP Query User{906A86FB-EA24-401E-97FE-55006379A764}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 

"TCP Query User{BB30B367-BB21-447D-81A7-423AE0820273}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 

"TCP Query User{FFA5A690-81EE-4573-B717-69612FFAB69B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{0FD36EB3-FAEF-4929-9DE4-55956F2B655D}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 

"UDP Query User{1A29D0F8-ADE5-4FB3-84B0-251CA2B52379}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 

"UDP Query User{24398EE3-28EF-471B-8A6C-63A6AFEC609C}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 

"UDP Query User{301DAC37-A6FA-4697-8933-09A159636130}C:\program files\activision\call of duty - world at war\codwawmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 

"UDP Query User{35C09772-2DA9-4864-B17B-8898A60048C0}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 

"UDP Query User{58344156-687E-4EC2-88F6-CA50A71DB525}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 

"UDP Query User{5B365AF6-DE2E-4728-98CA-B2A42F088ED0}D:\software\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\software\jre\bin\javaw.exe | 

"UDP Query User{8C9250EE-3E04-4151-87AA-2A01EC9F1956}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{C7CD7655-A410-4C6B-A4E6-65519BBD4A27}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | 

"UDP Query User{F959EB65-E537-4088-BE05-ED523EC76B6D}D:\games\steam\steamapps\jcvanhorn\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\jcvanhorn\day of defeat source\hl2.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater

"{0DEE907D-C36B-40F8-A205-DB86B6BFB5DA}" = MAGIX Web Designer 6 Download-Version

"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite

"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{28079FEA-7C6D-FEBC-B2F0-A74E226FDBD7}" = ATI Catalyst Install Manager

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{6609A4EB-CB71-422C-AA43-BBE75705D049}" = MAGIX Web Designer 6 Content

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite

"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{8ED5D0B7-A193-413F-815A-530BE36B38F7}" = Spamihilator 0.9.9.53 (32-Bit)

"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}" = DWA-547

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1

"Free YouTube Download_is1" = Free YouTube Download 2.9

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5

"GameSpy Arcade" = GameSpy Arcade

"Guitar Explorer 1.0" = Guitar Explorer 1.0

"HP PrecisionScan LT Software" = HP PrecisionScan LT Software

"HPOCR" = OCR Software by I.R.I.S. 10.0

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"JDownloader" = JDownloader

"MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6 Download-Version

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"PunkBusterSvc" = PunkBuster Services

"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 300" = Day of Defeat: Source

"TomTom HOME" = TomTom HOME 2.7.3.1894

"Uninstall_is1" = Uninstall 1.0.0.1

"Unlocker" = Unlocker 1.8.9

"waterMark V2" = waterMark V2

"WinRAR archiver" = WinRAR

"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

"Xpage Internet Studio 6 Special Edition" = Xpage Internet Studio 6 Special Edition

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 05.09.2010 16:27:21 | Computer Name = Sascha-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung BF2VoiceSetup.exe, Version 0.0.0.0, Zeitstempel

 0x428ca89a, fehlerhaftes Modul BF2VoiceSetup.exe, Version 0.0.0.0, Zeitstempel 

0x428ca89a, Ausnahmecode 0xc0000005, Fehleroffset 0x00008661,  Prozess-ID 0x63c, Anwendungsstartzeit

 01cb4d38a4d657d6.

 

Error - 05.09.2010 16:29:08 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

Error - 05.09.2010 16:33:11 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

Error - 05.09.2010 16:37:23 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

Error - 05.09.2010 16:45:06 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

Error - 16.09.2010 06:41:13 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

Error - 23.09.2010 13:04:17 | Computer Name = Sascha-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung WebDesigner.exe, Version 6.0.1.12244, Zeitstempel

 0x4bcc5fe6, fehlerhaftes Modul XaraDraw.dll, Version 6.0.6002.18005, Zeitstempel

 0x49e03821, Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed,  Prozess-ID 0xc90, 

Anwendungsstartzeit 01cb5b415a84f2fb.

 

Error - 11.10.2010 14:25:36 | Computer Name = Sascha-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel

 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,

 Ausnahmecode 0xc0000417, Fehleroffset 0x028c457e,  Prozess-ID 0xc, Anwendungsstartzeit

 01cb696ee85f9141.

 

Error - 11.10.2010 14:25:36 | Computer Name = Sascha-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6002.18005, Zeitstempel

 0x49e01b94, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,

 Ausnahmecode 0xc0000417, Fehleroffset 0x1000457e,  Prozess-ID 0x788, Anwendungsstartzeit

 01cb696ee83218a1.

 

Error - 11.10.2010 14:27:03 | Computer Name = Sascha-PC | Source = VSS | ID = 8194

Description = 

 

[ System Events ]

Error - 07.10.2010 12:47:26 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 07.10.2010 16:28:01 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 08.10.2010 07:28:41 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 08.10.2010 17:13:41 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 09.10.2010 08:05:50 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 10.10.2010 07:07:05 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 10.10.2010 08:04:45 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 10.10.2010 15:04:47 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 11.10.2010 14:07:14 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 12.10.2010 12:04:53 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

--- --- ---

Danke schonmal!

Code:


 

Avira AntiVir Personal

Erstellungsdatum der Reportdatei: Mittwoch, 13. Oktober 2010  21:39
 

Es wird nach 2925284 Virenstämmen gesucht.
 

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows Vista

Windowsversion : (Service Pack 2)  [6.0.6002]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : SASCHA-PC
 

Versionsinformationen:

BUILD.DAT      : 9.0.0.422     21701 Bytes  09.03.2010 10:23:00

AVSCAN.EXE     : 9.0.3.10     466689 Bytes  08.12.2009 17:17:32

AVSCAN.DLL     : 9.0.3.0       49409 Bytes  13.02.2009 11:04:10

LUKE.DLL       : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44

LUKERES.DLL    : 9.0.2.0       13569 Bytes  26.01.2009 09:41:59

VBASE000.VDF   : 7.10.0.0   19875328 Bytes  06.11.2009 21:32:21

VBASE001.VDF   : 7.10.1.0    1372672 Bytes  19.11.2009 21:32:27

VBASE002.VDF   : 7.10.3.1    3143680 Bytes  20.01.2010 22:58:38

VBASE003.VDF   : 7.10.3.75    996864 Bytes  26.01.2010 18:55:43

VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 00:54:50

VBASE005.VDF   : 7.10.6.82   2494464 Bytes  15.04.2010 22:38:16

VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 12:16:40

VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 19:57:05

VBASE008.VDF   : 7.10.11.133   3454464 Bytes  13.09.2010 15:54:48

VBASE009.VDF   : 7.10.11.134      2048 Bytes  13.09.2010 15:54:48

VBASE010.VDF   : 7.10.11.135      2048 Bytes  13.09.2010 15:54:48

VBASE011.VDF   : 7.10.11.136      2048 Bytes  13.09.2010 15:54:48

VBASE012.VDF   : 7.10.11.137      2048 Bytes  13.09.2010 15:54:48

VBASE013.VDF   : 7.10.11.165    172032 Bytes  15.09.2010 17:26:59

VBASE014.VDF   : 7.10.11.202    144384 Bytes  18.09.2010 10:58:16

VBASE015.VDF   : 7.10.11.231    129024 Bytes  21.09.2010 15:55:35

VBASE016.VDF   : 7.10.12.4    126464 Bytes  23.09.2010 18:47:03

VBASE017.VDF   : 7.10.12.38    146944 Bytes  27.09.2010 16:17:56

VBASE018.VDF   : 7.10.12.64    133120 Bytes  29.09.2010 17:48:16

VBASE019.VDF   : 7.10.12.99    134144 Bytes  01.10.2010 17:48:16

VBASE020.VDF   : 7.10.12.122    131584 Bytes  05.10.2010 17:35:38

VBASE021.VDF   : 7.10.12.148    119296 Bytes  07.10.2010 20:28:28

VBASE022.VDF   : 7.10.12.175    142848 Bytes  11.10.2010 18:09:03

VBASE023.VDF   : 7.10.12.176      2048 Bytes  11.10.2010 18:09:03

VBASE024.VDF   : 7.10.12.177      2048 Bytes  11.10.2010 18:09:03

VBASE025.VDF   : 7.10.12.178      2048 Bytes  11.10.2010 18:09:03

VBASE026.VDF   : 7.10.12.179      2048 Bytes  11.10.2010 18:09:03

VBASE027.VDF   : 7.10.12.180      2048 Bytes  11.10.2010 18:09:03

VBASE028.VDF   : 7.10.12.181      2048 Bytes  11.10.2010 18:09:04

VBASE029.VDF   : 7.10.12.182      2048 Bytes  11.10.2010 18:09:04

VBASE030.VDF   : 7.10.12.183      2048 Bytes  11.10.2010 18:09:04

VBASE031.VDF   : 7.10.12.193     93184 Bytes  12.10.2010 20:04:53

Engineversion  : 8.2.4.78 

AEVDF.DLL      : 8.1.2.1      106868 Bytes  29.07.2010 18:13:33

AESCRIPT.DLL   : 8.1.3.45    1368443 Bytes  18.09.2010 09:37:21

AESCN.DLL      : 8.1.6.1      127347 Bytes  13.05.2010 12:35:58

AESBX.DLL      : 8.1.3.1      254324 Bytes  23.04.2010 22:13:29

AERDL.DLL      : 8.1.9.2      635252 Bytes  21.09.2010 15:55:37

AEPACK.DLL     : 8.2.3.11     471416 Bytes  11.10.2010 18:09:34

AEOFFICE.DLL   : 8.1.1.8      201081 Bytes  22.07.2010 16:23:12

AEHEUR.DLL     : 8.1.2.33    2949496 Bytes  11.10.2010 18:09:30

AEHELP.DLL     : 8.1.14.0     246134 Bytes  11.10.2010 18:09:07

AEGEN.DLL      : 8.1.3.23     401779 Bytes  01.10.2010 17:48:18

AEEMU.DLL      : 8.1.2.0      393588 Bytes  23.04.2010 22:13:26

AECORE.DLL     : 8.1.17.0     196982 Bytes  24.09.2010 19:34:22

AEBB.DLL       : 8.1.1.0       53618 Bytes  23.04.2010 22:13:25

AVWINLL.DLL    : 9.0.0.3       18177 Bytes  12.12.2008 07:47:56

AVPREF.DLL     : 9.0.3.0       44289 Bytes  08.12.2009 17:17:32

AVREP.DLL      : 8.0.0.7      159784 Bytes  17.02.2010 20:31:04

AVREG.DLL      : 9.0.0.0       36609 Bytes  07.11.2008 14:25:04

AVARKT.DLL     : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37

AVEVTLOG.DLL   : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04

SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49

SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28

NETNT.DLL      : 9.0.0.0       11521 Bytes  07.11.2008 14:41:21

RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17

RCTEXT.DLL     : 9.0.73.0      87297 Bytes  08.12.2009 17:17:32
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Protokollierung.......................: niedrig

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: ein

Optimierter Suchlauf..................: ein

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: mittel
 

Beginn des Suchlaufs: Mittwoch, 13. Oktober 2010  21:39
 

Untersuchung der Systemdateien wird begonnen:

Signiert -> 'C:\Windows\system32\svchost.exe'

Signiert -> 'C:\Windows\system32\winlogon.exe'

Signiert -> 'C:\Windows\explorer.exe'

Signiert -> 'C:\Windows\system32\smss.exe'

Signiert -> 'C:\Windows\system32\wininet.DLL'

Signiert -> 'C:\Windows\system32\wsock32.DLL'

Signiert -> 'C:\Windows\system32\ws2_32.DLL'

Signiert -> 'C:\Windows\system32\services.exe'

Signiert -> 'C:\Windows\system32\lsass.exe'

Signiert -> 'C:\Windows\system32\csrss.exe'

Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'

Signiert -> 'C:\Windows\system32\spoolsv.exe'

Signiert -> 'C:\Windows\system32\alg.exe'

Signiert -> 'C:\Windows\system32\wuauclt.exe'

Signiert -> 'C:\Windows\system32\advapi32.DLL'

Signiert -> 'C:\Windows\system32\user32.DLL'

Signiert -> 'C:\Windows\system32\gdi32.DLL'

Signiert -> 'C:\Windows\system32\kernel32.DLL'

Signiert -> 'C:\Windows\system32\ntdll.DLL'

Signiert -> 'C:\Windows\system32\ntoskrnl.exe'

Signiert -> 'C:\Windows\system32\ctfmon.exe'

Die Systemdateien wurden durchsucht ('21' Dateien)
 

Der Suchlauf nach versteckten Objekten wird begonnen.

Es wurden '105480' Objekte überprüft, '0' versteckte Objekte wurden gefunden.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TrustedInstaller.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spamihilator.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wirelesscm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TomTomHOMEService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'audiodg.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Es wurden '46' Prozesse mit '46' Modulen durchsucht
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '36' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\'

C:\hiberfil.sys

    [WARNUNG]   Die Datei konnte nicht geöffnet werden!

    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.

    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.

C:\pagefile.sys

    [WARNUNG]   Die Datei konnte nicht geöffnet werden!

    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.

    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.

C:\_OTL\MovedFiles.rar

  [0] Archivtyp: RAR

    --> MovedFiles\10122010_190510\C_Users\Sascha\AppData\Local\Temp\dfrgsnapnt.exe

      [FUND]      Ist das Trojanische Pferd TR/Kazy.1215

Beginne mit der Suche in 'D:\' <Volume>
 

Beginne mit der Desinfektion:

C:\_OTL\MovedFiles.rar

    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d2c14ce.qua' verschoben!
 
 

Ende des Suchlaufs: Mittwoch, 13. Oktober 2010  22:19

Benötigte Zeit: 39:50 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  22406 Verzeichnisse wurden überprüft

 380247 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      2 Dateien konnten nicht durchsucht werden

 380244 Dateien ohne Befall

   2331 Archive wurden durchsucht

      2 Warnungen

      3 Hinweise

 105480 Objekte wurden beim Rootkitscan durchsucht

      0 Versteckte Objekte wurden gefunden