Wie habe in Teilschritten bei der Datei-Entschlüsselung vorzugehen?

nettchen · 10.06.2012, 03:58

Hallo,

ich habe einen Verschlüsselungstrojaner auf PC, Malwarebyte konnte nun nach etlichen Fehlversuchen immerhin 25 von 30 infizierten Objekten in Quarantäne nehmen. 5 Fehlen noch jetzt weiss ich 1. nicht, ob ich da denn überhaupt schon irgendwas entschlüsseln sollte und 2. wie ich das zu machen habe.
Ich habe mir (siehe Startseite) das Avira Programm dafür heruntergeladen, habe die Daten auf USB extrahiert und da ging auch eine read me Datei auf.
Diese habe ich gelesen, aber ich verstehe davon überhaupt nichts.
Ich weiss absolut nicht wie ich hier irgendwas machen soll und mit welcher Datei... welche Datei ist denn mein Trojaner ???? Muss ich die Dateien "einfach nur kopieren"? kann ich die aus der Quarantäne einfach so kopieren oder muss ich erst direkt auf PC finden, denn einige Dateien findet C-Programm nicht obwohl sie aufgelistet werden bei jedem Scan.

Ich bin masslos überfordert

LG nettchen

kira · 10.06.2012, 09:45

Hallo und Herzlich Willkommen!

► Welche Art und Weise wurden die Daten (Eigene Dateien wie Bilder, Dokumente, Musik etc) bereits verschlüsselt? Kannst Du ein Beispiel nennen? Dateiändung wurden zugefügt (z.B "locked- .wxyz"), oder nach einem Zufallsprinzip besteht ein Dateiname aus Groß und Kleinbuchstaben (wie z.B QsEEUTODXNVqyssQ)?
Nämlich manche Varianten lassen sich entschlüsseln, andere wieder leider nicht..

gruß
kira

nettchen · 10.06.2012, 10:08

Hallo Kira...mensch ist das schön das Du dich meldest, wirklich

Also ich weiss nicht ob es das ist was Du brauchst ich bin anhand der Buchstaben-fibsel einfach mal wieder zu Avira rein denn dort habe ich soetwas gesehen: wenn ich bei Avira das Quarantäneverzeichnis öffnen lasse dann kommt da sowas bei raus:
a) 0d949269.qua = QUA-Datei =87KB
b) DoqgdXDaynQslaqArVTs = Datei =347KB
c) die grösste ist hier mit 2.675 KB angegeben
und insgesamt sind es dort 37 Dateien und
14 QUA-Dateien ...

Kira lass mich bitte noch kurz erwähnen das ich vermute das der Trojaner im Avira drin ist - Quarantäne und alles andere bei malewarebytes in Quarantäne ist = Logfiles habe ich gepostet mit der Überschrift avira und maleware bekommen trojaner u keylogger nicht unter einen hut... vielleicht brauchst du oder Ihr das ja noch...
Lg ich freu mich das ihr da seit : D

bin ich dort richtig?

kira · 10.06.2012, 10:21

Welches Betriebssystem hast Du denn?

nettchen · 10.06.2012, 10:33

ich muss so traurig wie das ist voll lachen hier... du fragst und ich suche hier wie zu ostern ; )
in der Systemsteuerung steht: Hersteller: emaschines Klassifikation: 4,2 Windows-Leistungsindex , Prozessor: Pentium (R) Dual Core CPU , Systemtyp: 64 Bit-Betriebssystem, Windows- Edition: Windows 7 Home Premium Service Pack 1

kira · 10.06.2012, 10:54

Windows 7 ist gut, vlt hast Du Glück
das Tool ist deine einzige Chance eventuell um deine Daten wieder zu haben:
-> Daten wiederherstellen mit ShadowExplorer
Rechner vom Internet und Netzwerk trennen (natürlich erst die im folgenden genannten Programme herunterladen bzw bereit halten!)
außerdem:
-> unter dem Titel: Weitere Lösungsansätze

kann ich Dir nur viel Glück wünschen

auf jeden Fall melde dich und berichte ob es Dir gelingen ist die Daten wieder zu entschlüsseln oder nicht?

nettchen · 10.06.2012, 12:19

hallo kira,

ich danke dir 1000 und 3 mal : D

ist es nun eigentlich schlimm (bitte siehe Beitrag : Avira und Maleware bekommen trojaner und keylogger nicht unter einen Hut - von mir) da ist die auflistung drin was maleware mit den infizierten daten gemacht hat bzw. konnte maleware mit PUP.GamePlay gar nicht anfangen dh. diese dateien sind nirgends in Quarantäne oder entfernt.... ???????? wäre lieb von dir wenn du da mal kurz reinsehen könntest und mir nochmal nen ok für deinen schritt geben könntest bevor ich hier den größten unsinn mache

ich meine meine PC Kenntnisse sind ja nun bekannt lach

also ich schaue morgen wieder rein gehe jetzt fort ich danke dir 1000 und 30 mal kira...ähh hatte ich das schon erwähnt : D

kira · 10.06.2012, 19:28

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

** Die Logs von OTL meistens sind zu lang, kannst auch als Textdatei anhängen (auf "Erweitert") klicken

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles, die Du posten möchtest)[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

nettchen · 11.06.2012, 12:12

hallo Kira,

ich habe soeben versucht den scan durchzuführen,
es lief und dann stoppte der Scan mit dieser Meldung: Es befindet sich kein Datenträger im Laufwerk. Legen Sie bitten einen Datenträger ins Laufwerk: Device\Harddisk1\DR1 ein.

Was soll ich einlegen???? Wenn diese Meldung nicht "abgearbeitet" ist, läuft der Scan nicht weiter.

Danke Dir, LG Nettchen

Hallo Kira,

habe den Scan gemacht hier die Logs:

OTL LOG

Code:

ATTFilter

OTL logfile created on: 11.06.2012 13:02:44 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = K:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,22% Memory free
6,00 Gb Paging File | 4,94 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,41 Gb Total Space | 848,72 Gb Free Space | 92,31% Space Free | Partition Type: NTFS
Drive F: | 15,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,60% Space Free | Partition Type: FAT32
 
Computer Name: KLIMT-PC | User Name: Klimt | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - K:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MOOI_deDE401
IE - HKCU\..\SearchScopes\{87DF2724-AB50-4EF8-A14B-9EB5E82556AF}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\..\SearchScopes\{8F5273D5-AD8A-4488-B4CD-112BECF05DB2}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BCC6676A-D3F4-40A9-8CD2-2977DFDDC9A3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 15:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.4\FF
 
[2012.05.15 17:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klimt\AppData\Roaming\mozilla\Extensions
[2012.06.08 22:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klimt\AppData\Roaming\mozilla\Firefox\Profiles\7oy85g6b.default\extensions
[2012.04.05 23:33:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Klimt\AppData\Roaming\mozilla\Firefox\Profiles\7oy85g6b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.22 20:58:21 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Klimt\AppData\Roaming\mozilla\Firefox\Profiles\7oy85g6b.default\extensions\donottrackplus@abine.com
[2012.06.08 22:43:05 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Klimt\AppData\Roaming\mozilla\Firefox\Profiles\7oy85g6b.default\extensions\info@djzig.com
[2012.04.14 12:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.09 18:54:29 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\KLIMT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7OY85G6B.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.05.29 19:48:19 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\KLIMT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7OY85G6B.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.04.05 23:14:14 | 000,616,227 | ---- | M] () (No name found) -- C:\USERS\KLIMT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7OY85G6B.DEFAULT\EXTENSIONS\{1E9A63EF-84EC-49A4-8D6F-2DD9524E90D0}.XPI
[2012.04.06 00:29:02 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\KLIMT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7OY85G6B.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.25 15:26:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.24 08:58:16 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Klimt\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Klimt\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll File not found
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll File not found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Klimt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DRPU PC Management - Basic] "C:\Program Files (x86)\DRPU PC Management - Basic\Basic Manage.exe" "hd" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://order.ifolor.de/GENERAL/LowRes/app_support/3/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C847CB-2B5A-49FD-BFB4-89942190E678}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09793ACB-3D69-4E0F-A48B-A02E78B71388}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA967AA-76A9-4692-88DA-5E17D2099B67}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE756AB-B5BA-43B3-880C-0518AEE385D0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31889C6D-7004-48B3-8CA8-F3307E1A5FEB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39680DFB-5981-4047-B4CA-73FAFD9B7D06}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44FA2DA9-1CBA-4104-AE5E-309A65356CDA}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{496593C3-1D44-4DB6-B840-E730A0D900BD}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B38ED10-4E33-4768-838B-59092DD9D76B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730B8E99-D006-44CB-B96E-38478C2D6EBC}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FC132CD-A340-4466-93DA-6573D713443B}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A717C0C5-6FB7-4C0B-B829-389AAC6914AE}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A84C58E6-FD00-4E34-B6ED-2A96DEE8C22A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F28595-A72B-4F25-A99C-29FF32501FC4}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAB8EDE3-7059-4C7A-8BA9-132679AF03BF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E77F9957-F09E-4782-990E-7A1893DD9D4D}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34145af5-9ccc-11e1-b9a2-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{34145af5-9ccc-11e1-b9a2-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{34145baa-9ccc-11e1-b9a2-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{34145baa-9ccc-11e1-b9a2-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{37d8430a-3f65-11e1-8d23-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{37d8430a-3f65-11e1-8d23-001e101f50a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{592d9a51-5706-11e0-802d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{592d9a51-5706-11e0-802d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{592d9a9f-5706-11e0-802d-bd8c5ad38a9f}\Shell - "" = AutoRun
O33 - MountPoints2\{592d9a9f-5706-11e0-802d-bd8c5ad38a9f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{756fd1cf-5ecb-11e1-b802-ad7d88a3d0fa}\Shell - "" = AutoRun
O33 - MountPoints2\{756fd1cf-5ecb-11e1-b802-ad7d88a3d0fa}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76b7d2c9-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d2c9-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76b7d2de-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d2de-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{76b7d307-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d307-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76fec0a6-aa3c-11e1-aca5-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{76fec0a6-aa3c-11e1-aca5-001e101faa49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{94d862ba-5f8c-11e0-acea-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{94d862ba-5f8c-11e0-acea-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{94d86323-5f8c-11e0-acea-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{94d86323-5f8c-11e0-acea-001e101f1ed9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7e1566d-f720-11df-badd-82768f121f91}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e1566d-f720-11df-badd-82768f121f91}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O33 - MountPoints2\{c885ad74-a17b-11e0-8ab9-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{c885ad74-a17b-11e0-8ab9-001e101f57d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee771727-378d-11e1-b1ed-cc9a37f1efe6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee771727-378d-11e1-b1ed-cc9a37f1efe6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee771739-378d-11e1-b1ed-cc9a37f1efe6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee771739-378d-11e1-b1ed-cc9a37f1efe6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee7717bd-378d-11e1-b1ed-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7717bd-378d-11e1-b1ed-001e101f82a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee7717e3-378d-11e1-b1ed-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7717e3-378d-11e1-b1ed-001e101f82a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 03:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.06.09 22:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.09 22:31:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.09 16:59:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.09 14:57:05 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\TeamViewer
[2012.06.09 14:56:59 | 002,675,960 | ---- | C] (TeamViewer GmbH) -- C:\Users\Klimt\Desktop\TeamViewerQS_de.exe
[2012.06.09 14:40:57 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{9DEC02AF-EACD-42F9-8B52-A685321C588C}
[2012.06.09 11:27:26 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{11DBED53-875B-4A6C-80AD-27343912164D}
[2012.06.08 22:48:29 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{6CB6A5AE-204F-41EA-B08C-2079F24C5837}
[2012.06.08 22:45:13 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{036D26F3-0A62-41FA-A9FE-8E56913C9F62}
[2012.06.08 22:11:32 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{7DE577CD-9A31-4D27-ABDE-3B9984A1703C}
[2012.06.08 21:52:14 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{70827CE3-5ECE-41EB-BDC4-943CC44E6839}
[2012.06.08 21:24:40 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{566E8847-5AF4-4526-AB69-0F70DAE5FCF5}
[2012.06.08 20:19:38 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\Malwarebytes
[2012.06.08 20:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 20:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.08 16:25:49 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{A6A2B787-11E9-49E7-BA9D-A1B751269F39}
[2012.06.08 16:21:18 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{7605CC5E-5BD8-4626-9E4F-C75FCCB49CF8}
[2012.06.08 16:17:16 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{DBDAF8EB-8C7E-4A52-9C2A-2A936BD1FAAD}
[2012.06.08 13:38:54 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{8C7DE73F-2887-4E9A-9F65-2BA272E913D0}
[2012.06.08 13:29:12 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\Junfpowng
[2012.06.08 11:20:45 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{85BC5577-F02B-4ABD-B2B0-5CF0B35ECE19}
[2012.06.06 11:09:31 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{578B1E07-562B-4CE5-B4C5-B22330960CDC}
[2012.06.06 08:16:00 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{2D3F3FDD-90C3-4A27-9861-5883C04F44A9}
[2012.06.03 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{B868A2E6-7D87-4A6D-9023-494570B9CDAC}
[2012.06.03 08:58:26 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{88BE2412-B1F2-4E98-A175-2E8DA1C847C4}
[2012.06.02 16:02:57 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{EB3DE2A8-636D-4F68-A2DC-D70C1A09DCCE}
[2012.06.02 07:55:51 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{981B5CDC-3F19-47CA-B09F-F5888F448491}
[2012.06.01 11:03:59 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{98F2FD73-13F7-4CFD-A051-3AAB66FCDD0A}
[2012.06.01 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{B97265E8-396B-4F6C-9A6C-EC55BD64E647}
[2012.05.31 18:37:03 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{6E32CD37-3488-4E60-8384-49DC0D4735A4}
[2012.05.31 18:37:02 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{46EA4BAD-D06C-4C0A-A0F1-ED5E11314EB2}
[2012.05.30 16:21:27 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{C361CB58-2F19-4935-B332-62C1C0599E84}
[2012.05.30 16:20:49 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{E2CAAD36-6332-499C-9EC9-C441F2971030}
[2012.05.30 11:48:06 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{D20649D5-E1E7-4AAB-9D20-CEE8F2FED668}
[2012.05.29 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{B8D58CC1-1854-4176-932A-08892C68CE8C}
[2012.05.29 09:39:51 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{89405CD5-8D81-4DA4-A3CF-BDDB3D851E3C}
[2012.05.29 09:31:01 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{1E389E14-80C3-450B-84FD-15715314175D}
[2012.05.28 19:50:53 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{BCB307B6-2443-4125-A9EF-CE0AE5BC95DA}
[2012.05.28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{D2A27465-C720-4274-B47A-2732EA93BE1A}
[2012.05.27 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{4158332E-1390-4BA8-8022-8D798C753936}
[2012.05.26 17:03:15 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{3E89B308-E77B-4E3A-A441-17C16DC12DA2}
[2012.05.26 17:03:01 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{D47BC7E7-CDFC-427A-8ED0-695107D0B1F3}
[2012.05.26 14:25:11 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{8EAAAD8D-DBD3-4A61-A5A1-7D5F74730731}
[2012.05.25 11:52:38 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{7D2CAE53-0A5D-4F37-8E42-974D7131488B}
[2012.05.24 19:50:04 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IJL_11.DLL
[2012.05.24 19:50:04 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2012.05.24 19:50:04 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012.05.24 19:50:04 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012.05.24 16:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.05.24 16:57:57 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\Product_RM
[2012.05.24 16:20:06 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{4B8DE87E-547C-406B-BE2C-3AE091369894}
[2012.05.24 14:29:11 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{C448D90E-EEEC-4BFF-A497-16B3F92738F8}
[2012.05.24 13:46:20 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{FBC46B39-4EC1-4B02-A761-661048B0AB29}
[2012.05.22 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\PeerNetworking
[2012.05.22 17:05:46 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{349291C1-E17B-4C19-8BF5-068B8F8E2E45}
[2012.05.22 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{E737A527-D8DC-4D67-B481-B39D1B6BFD62}
[2012.05.22 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\Blitware
[2012.05.22 15:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Helper
[2012.05.22 14:53:07 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{35B2D21F-7D54-4801-B6F9-F88A5824D950}
[2012.05.22 13:44:45 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{9F7CE24F-C115-4754-B920-58FDBCCCF142}
[2012.05.21 20:43:14 | 000,000,000 | R--D | C] -- C:\Users\Klimt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.21 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012.05.21 15:04:13 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{D2AC9728-4D8E-4B34-99D2-7A8F54F4BAE4}
[2012.05.21 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\{2A82A3D2-8CCD-4800-9A48-54B64AEFDE0C}
[2012.05.21 14:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.05.21 13:51:13 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.05.21 13:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.05.21 13:48:35 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.05.21 13:48:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.05.21 13:48:34 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.05.21 13:48:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.05.21 13:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.21 13:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.21 13:45:33 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Local\Windows Live
[2012.05.21 13:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.05.15 16:36:39 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\ATI
[2012.05.15 16:35:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.14 13:59:45 | 000,000,000 | ---D | C] -- C:\Users\Klimt\AppData\Roaming\Macromedia
[2012.05.12 20:34:29 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.12 20:34:27 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.12 20:34:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.12 20:34:25 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 13:17:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 13:08:34 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.11 13:08:34 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.11 13:08:34 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.11 13:08:34 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.11 13:08:34 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.11 12:52:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 12:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 12:52:28 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 10:18:23 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012.06.09 22:31:32 | 000,000,839 | ---- | M] () -- C:\Users\Klimt\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 17:00:13 | 000,000,017 | ---- | M] () -- C:\Users\Klimt\AppData\Local\resmon.resmoncfg
[2012.06.09 16:35:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 16:35:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.24 15:37:43 | 000,000,426 | ---- | M] () -- C:\Windows\wininit.ini
[2012.05.22 19:22:43 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.22 19:22:43 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.22 15:45:53 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2012.05.21 12:58:00 | 000,000,000 | ---- | M] () -- C:\Users\Klimt\AppData\Roaming\wklnhst.dat
[2012.05.14 16:02:22 | 000,000,000 | ---- | M] () -- C:\Windows\txtDef
[2012.05.13 09:22:02 | 000,445,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.10 06:09:14 | 000,000,839 | ---- | C] () -- C:\Users\Klimt\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 17:00:13 | 000,000,017 | ---- | C] () -- C:\Users\Klimt\AppData\Local\resmon.resmoncfg
[2012.05.22 15:45:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\File Helper.job
[2012.05.21 14:03:34 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.05.21 14:02:05 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.05.21 13:58:46 | 000,001,467 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.05.21 13:56:16 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.05.21 12:58:00 | 000,000,000 | ---- | C] () -- C:\Users\Klimt\AppData\Roaming\wklnhst.dat
[2012.05.16 09:58:40 | 000,000,426 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.14 16:02:22 | 000,000,000 | ---- | C] () -- C:\Windows\txtDef
[2012.04.24 11:13:02 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.07 19:58:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.08 19:50:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\msiLn-ern.dll
[2011.06.28 11:04:53 | 000,009,861 | ---- | C] () -- C:\Windows\SysWow64\mswmn-oce.dll
[2011.01.10 17:49:33 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\msimc-ocd.dll
[2010.10.16 22:33:02 | 000,004,810 | ---- | C] () -- C:\Users\Klimt\AppData\Roaming\mdbu.bin
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:8927A071

< End of report >

OLT Extra Logfile

Code:

ATTFilter

OTL Extras logfile created on: 11.06.2012 13:02:44 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = K:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,22% Memory free
6,00 Gb Paging File | 4,94 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,41 Gb Total Space | 848,72 Gb Free Space | 92,31% Space Free | Partition Type: NTFS
Drive F: | 15,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,60% Space Free | Partition Type: FAT32
 
Computer Name: KLIMT-PC | User Name: Klimt | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = FreeFileViewer.TXT] -- "C:\Program Files (x86)\FreeFileViewer\FREEFILEVIEWER.exe"  "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0198EB9E-0535-4591-9527-F8ADC8A4C12B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08D87D13-01C2-4548-BA49-A11EDBB88CD4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2362E894-D0F5-4A15-BE91-12D33F48C31B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24D0C30B-AE29-4890-B394-8FD03CCAE0AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B77F3CB-313D-445C-B389-57D8C4116FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2D2D54B7-1ED9-4C81-8048-766843033A0D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3405B442-993B-4DF3-B795-A3575838B73F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{373C704E-8059-4F55-B1E1-2661EC1C64D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{403918A7-0CF2-475E-A484-295FFD11736E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{426866B7-3548-431D-9F2D-3918BD864B19}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4517C089-7FCE-4959-9141-60D17FE72886}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47733750-30B7-4CBE-9EAA-0C8B0C51A96B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{47C7F659-45C7-4D6F-BAC6-993CA27D7A56}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4969EA36-EC1F-4DE2-912E-05ED15C5DFC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{50068F10-853B-4360-B63B-3A060F76C739}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{539ECA31-A831-48BC-B252-B1B394247A8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55113B00-D4E7-4380-A7A0-5F4AACD0B4D3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5A6343E8-F301-4E1B-A067-DDB99B5896DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5B94ECBE-58B4-418B-B136-A1119A57A260}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{65C63F02-B2EE-4E73-9FC2-FD1FC6AEDA87}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{741434F0-DACA-4E36-99B6-FDEF30B05443}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{78F6D5D8-D5B7-4F8F-99C7-E47691B62024}" = lport=445 | protocol=6 | dir=in | app=system | 
"{79393941-3752-4A2C-8D92-E7A49340B2E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EBFB97E-0EF8-4270-B38F-95A1F9C0965E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{873D22EE-09C9-4D7E-95CD-20FA278D594C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87AD937A-DE00-46E2-9FD9-6C827BA7A6DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C9B6610-5452-42CE-9BAB-05504015DEF0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E3E40B2-EEBA-4323-95D3-87CCC7E23931}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AF613DAE-4130-403B-B63E-35ABEC17973F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B106C2C9-7FA0-4BFF-BE4C-861692FEDD73}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B9BEF4AC-CDEF-4D13-96F8-5C623245C53B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{BACD655D-072B-46CF-936F-2A5DC94D2778}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C50AD289-6D40-4E5A-A5A1-0EF0386B10F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3393115-342F-4FCD-AAE1-D63EC8B2693B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E359DF46-6BBB-4B64-8FDC-3155EDDA06E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E9AAB7D5-5056-48F6-92B1-4BC176FF43DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EA706817-EFEF-4E8B-91E2-DA7468AC3BC5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EB56442E-4CAB-4D29-82EA-B65BB9576B89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF8F8F2C-86E5-4ED5-BD55-4604ED56F1B5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F4CE45DC-5BA2-4583-B3A6-3507F14494B6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8CDD29B-46DC-40C9-9E4C-826469CE19F0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F9BA632D-A0D9-47FC-8FE9-6AB29FE3A17A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FC0BCCE0-BCB8-4AFE-AA45-5CA1AAB7E86B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0355D128-8F00-4E06-8142-1DCECF1B82E1}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0703156A-78E9-467F-A2DB-ADEB30C7CEE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0A2696D3-AE06-4ADD-90C0-58D23758A9DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0AC9DF5A-F8AF-4436-9AE0-0B8E17EE0F8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D77C86A-F94F-4C0A-A719-EE8728061BF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{149E9CE2-D89D-49B1-A1D9-6F7B0F2FF003}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{1B8DDC49-9016-4788-B786-206E004DF9F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1E391504-B75D-4A8E-A71A-C9D888FE0513}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22D8EF9D-CBE7-4523-8BD5-BFFBEC7C3FEC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{291E1511-9327-48AC-9B4C-DCDBB842480B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{36ED5F3C-8B0A-463B-B8F4-737B5CE3F48E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3EEDEC23-75AB-48CD-8226-8D3E189C5235}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{40EC75FA-ECB6-4C7E-92A2-2F0E7679E256}" = protocol=17 | dir=in | app=c:\users\klimt\downloads\sweetimsetup.exe | 
"{568D59DC-3CD0-4943-A324-0D5513B96C1F}" = dir=in | app=c:\users\klimt\desktop\pic\mpk\mpk.exe | 
"{58802151-3F1F-4A42-83A4-3CAFC1F0D857}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{65A26CDA-C700-4B0A-9988-F1C9F1044D85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65D8D487-0800-4CA9-8DF4-DA39F14D35F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6DD1CFD1-A9E1-45F5-9186-5729B640A767}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{76848173-8435-4AE1-A666-9815BA88B7CF}" = protocol=6 | dir=in | app=c:\users\klimt\downloads\sweetimsetup.exe | 
"{77167703-3EDC-43E4-BAD2-E53458806410}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{778BD0B7-1463-49D4-8523-4A577B891F7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{81260053-7724-49F3-950F-C7780EF50618}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{85826E51-295C-4745-8116-7EFB9F7995A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{89E64241-044C-4515-9A55-E04F55FC9302}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{8AFC2667-525B-42FB-8DB6-024F899256F1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E980BCD-A495-417E-B03A-5E0DF41211EA}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{9532283E-1775-4F67-BE3F-EA311F70C60B}" = dir=in | app=c:\users\klimt\desktop\pic\mpk\mpkview.exe | 
"{9E1C657A-4176-4ACE-94E9-CAE391458ED8}" = protocol=6 | dir=out | app=system | 
"{AE9C902C-4BF9-48AF-8013-39EE2B9A1561}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{B4893A67-6959-4C3B-8FD3-1360A6235BBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B48DA464-79EB-4B44-B6B0-01AA929199AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B5AA4D9B-9622-4CDE-8FF2-E2C808AC55E6}" = dir=in | app=c:\users\klimt\desktop\pic\mpk\mpkview.exe | 
"{B61B470F-199F-45C4-8CE3-B1CFA1E013E4}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{B6AE6114-E3EC-4F9C-817C-5136B13FCBF9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B9CAD4FE-A064-4C46-8CFE-4F3412CD0DCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAD5EC5D-EDC9-4748-B5A4-8C01280B66AB}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{BBC96DF2-7C9D-4201-AF69-8401135BBA66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCD9CF43-EA5F-4A52-A6CB-5A7B90939FA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C66C8297-1113-49F8-9ADD-5D57AFB304A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9FACF08-7A21-425A-B738-76DC6B9185A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC44B486-F8B2-4D20-8370-EE46AEBCF6E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D05627F0-EC3A-4189-B83B-3B3F49907BA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D3FA57B6-6FB2-4AD8-9519-3073F6F7FB2D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{DF1F794F-6E74-4357-AF4A-7AA97E04E57D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4B4EB03-5B27-404A-A260-1D5D3269E477}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{E9425EE2-8A9B-4D2E-AE2B-3794776135A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{F95C99D8-D749-456D-8368-27BF0FA88776}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FBF23D98-EABB-4E14-91A0-81E36778581D}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{FD6DE1FA-C12B-4FA9-9471-0C39F46D2363}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{174EC8EF-5BDE-4B17-8EDF-572DB642E135}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"TCP Query User{4BFBCE08-F67B-432D-8A36-7D86AB7F6742}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{675508CB-1F67-471D-A86D-08382196509D}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"TCP Query User{68301EF1-7F37-4542-B73B-8CB61782E0B9}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{7F2801B3-6A40-4357-8C66-195DDCF85BD1}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{86517B53-6DF1-4939-A936-01EB3E28DEB6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{A4E8A4FB-F367-4AFB-AAEF-C4084CFE59AE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B0B36769-FA07-40C6-AE86-3F5A0AB18916}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"TCP Query User{B24613B3-13EA-4830-BBFB-89C0885E0E39}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"TCP Query User{B8BBBF7E-9A6D-4A78-ADE3-49FB91E47E26}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe | 
"TCP Query User{CDF92453-3026-43DD-9283-226D5E7190BC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D8C19697-A1C6-4277-A5C6-D2538B943C97}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{13914BAB-EB97-4651-877A-257367640913}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{2CB46474-5E94-4705-BDCB-C21C1CACFC05}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"UDP Query User{3A9FD9F5-67EB-4BDD-8544-017926A8B6B4}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3C00C57E-3F8D-4876-B71F-5C6B9CB27392}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{46BC2C54-E7E2-4677-86A9-7A2E44A8475C}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"UDP Query User{8326BC18-0ADE-4097-8042-26046C1FAE99}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{8F365441-676B-4609-9B4C-5A061F8484DF}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{99A0A9D9-AC01-4027-B401-687AED7F20D9}C:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\medal of honor pacific assault(tm)\mohpa.exe | 
"UDP Query User{BD2A6A4F-8865-4AAE-B91B-401DD7FF9AA2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{D333F66B-C334-4579-BA92-0DAF3DAD3B5F}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"UDP Query User{DAC2DA46-48CA-447A-90F6-F2C9B2241FAA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F4C019D0-B25B-44CE-B8DA-5E91AC0AE72E}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8189F0AA-AA29-BC80-9FE8-DE52DF116C68}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B66CA6D0-8EA3-4838-91D1-47EACDCCFA2B}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C31D1504-CD94-7E5C-A3E6-CB3C12295307}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01614445-CCE1-1ECA-2CDB-1A577B688DFF}" = ccc-core-static
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066DD9D3-FD7C-9130-17E4-DC4CD02D69A6}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF56AF2-762D-D955-1468-856E1EAD6C06}" = CCC Help Thai
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28A44ABD-EE9D-7805-6786-D5612E7DDA20}" = CCC Help Chinese Standard
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29EAD1B2-01D9-1FFA-FBD1-31DC6759D7ED}" = CCC Help German
"{2EDB1CF3-6D0F-7836-79BD-079D2912163D}" = CCC Help Japanese
"{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1" = eMachines GameZone Console
"{32AE47CC-8012-B2ED-9D82-8E245BF745B1}" = Catalyst Control Center Graphics Light
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3826E524-BFB7-1E11-5D89-EC22CBCE0688}" = CCC Help Swedish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E9EDB94-88F9-AAE6-AEFB-F7BB6DFE8012}" = Catalyst Control Center Core Implementation
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5BB33CC5-8349-6F03-F60E-E86F4118A99B}" = Catalyst Control Center Localization All
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F3F277-E0CE-06B9-BECC-F53E99079AB6}" = CCC Help Polish
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65BA47AF-0CC8-DA86-C3BA-92829F5241BE}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FBDE9F-3A0C-CDD7-36D4-348B71363A7C}" = Catalyst Control Center InstallProxy
"{6fedda4a-4fda-4f7b-831d-0f0b111c55be}" = Nero 9 Essentials
"{70E823DF-CE65-4BBD-21F7-D77727BACA9A}" = CCC Help Danish
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.4.1
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9914576F-ED49-B24B-023C-4917421986CB}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8D0B2A-FE8D-0ACF-531B-05068EA06522}" = CCC Help Portuguese
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1BDAA2B-A795-11C8-4C6A-A9CB8BD99100}" = CCC Help Chinese Traditional
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4DA10E2-37A7-DAEE-7F2F-B00C0F213164}" = CCC Help Russian
"{BB5C389F-3631-5562-EB2E-7B0BE65AB66B}" = CCC Help Norwegian
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFD594CB-6E2A-E7EB-8CB2-66F6E209EB78}" = Catalyst Control Center Graphics Previews Vista
"{C10A0C51-DEEE-B9F8-DD08-52B7572349A0}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C599D0A6-D1C6-AB0F-014B-4A553085EBFC}" = CCC Help Hungarian
"{C80D3E2D-B478-3290-8963-3A508792700C}" = CCC Help Finnish
"{C8CEF910-8113-F2F0-530C-8DA969AD726C}" = Catalyst Control Center Graphics Full Existing
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D473C23A-F14F-6EF1-3AAF-FCDAF376E310}" = Catalyst Control Center Graphics Full New
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E44DA223-0DF7-648D-6267-6972FB22B5A3}" = CCC Help Korean
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ECDC0955-65FE-5EF4-8587-EC0D17B82BA7}" = CCC Help Spanish
"{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EF4A6F9A-D4DE-CAD5-4F7B-AB80F711E01B}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBE56A1E-20A0-60D8-E31C-69A00A035742}" = CCC Help Czech
"{FFF7381B-A55B-6025-B872-D31346F85D15}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"HP Photo Creations" = HP Photo Creations
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.1
"PhotoScape" = PhotoScape
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Uncompressor" = Uncompressor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.07.2011 08:50:04 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search box extension\SrchBxEx.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search box extension\SrchBxEx.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 14.07.2011 08:50:21 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2011 08:50:21 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2011 08:50:22 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2011 08:50:22 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.07.2011 12:58:11 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.07.2011 05:45:13 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\phonostar-Player\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 15.07.2011 05:47:42 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.07.2011 08:29:14 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.07.2011 08:29:14 | Computer Name = Klimt-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 11.06.2012 07:33:45 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:33:45 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:01 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:01 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:01 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:01 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:17 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:17 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:17 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
Error - 11.06.2012 07:34:17 | Computer Name = Klimt-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "eMachines" den Befehl "chkdsk" aus.
 
 
< End of report >

ähhmm um halb acht heut morgen habe ich geschlafen...

ok mein Freund hat Schule, aber dann muss er zu spät losgefahren sein um, um kurz nach halb acht noch am PC was zu machen...
mit dem Befehl weiss ich eh nix anzufangen.....

So Kira, ich hoffe die Code und Code am Ende zeigen sich jetzt als richtig gemacht auf ; )

kira · 11.06.2012, 16:14

1.
Deinstalliere:

Zitat:

Avira SearchFree Toolbar plus Web Protection Ask.com
Avira SearchFree Toolbar plus Web Protection Updater Ask.com

Info
Hinweise zum Einsatz von Freeware-Version Avira AntiVir Personal:
Hier klicken zum Weiterlesen:
-> http://www.chip.de/news/AntiVir-Serv..._45444953.html
► Wer möchte diese Adware auf seinen Rechner haben?!
Lieber ohne Webguard, als mit ein Adware...

2.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:

Code:

ATTFilter

Babylon
MediaBar
SearchSettings
SweetPacks

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1832&r=17360210sn06973954tl54h9l14326
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.de/ [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MOOI_deDE401
IE - HKCU\..\SearchScopes\{87DF2724-AB50-4EF8-A14B-9EB5E82556AF}: "URL" = http://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKCU\..\SearchScopes\{8F5273D5-AD8A-4488-B4CD-112BECF05DB2}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{BCC6676A-D3F4-40A9-8CD2-2977DFDDC9A3}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p="
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.24 08:58:16 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34145af5-9ccc-11e1-b9a2-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{34145af5-9ccc-11e1-b9a2-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{34145baa-9ccc-11e1-b9a2-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{34145baa-9ccc-11e1-b9a2-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{37d8430a-3f65-11e1-8d23-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{37d8430a-3f65-11e1-8d23-001e101f50a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{592d9a51-5706-11e0-802d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{592d9a51-5706-11e0-802d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{592d9a9f-5706-11e0-802d-bd8c5ad38a9f}\Shell - "" = AutoRun
O33 - MountPoints2\{592d9a9f-5706-11e0-802d-bd8c5ad38a9f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{756fd1cf-5ecb-11e1-b802-ad7d88a3d0fa}\Shell - "" = AutoRun
O33 - MountPoints2\{756fd1cf-5ecb-11e1-b802-ad7d88a3d0fa}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76b7d2c9-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d2c9-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76b7d2de-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d2de-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{76b7d307-3539-11e1-b63b-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{76b7d307-3539-11e1-b63b-001e101fe70e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{76fec0a6-aa3c-11e1-aca5-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{76fec0a6-aa3c-11e1-aca5-001e101faa49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{94d862ba-5f8c-11e0-acea-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{94d862ba-5f8c-11e0-acea-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{94d86323-5f8c-11e0-acea-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{94d86323-5f8c-11e0-acea-001e101f1ed9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7e1566d-f720-11df-badd-82768f121f91}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e1566d-f720-11df-badd-82768f121f91}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O33 - MountPoints2\{c885ad74-a17b-11e0-8ab9-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{c885ad74-a17b-11e0-8ab9-001e101f57d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee771727-378d-11e1-b1ed-cc9a37f1efe6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee771727-378d-11e1-b1ed-cc9a37f1efe6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee771739-378d-11e1-b1ed-cc9a37f1efe6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee771739-378d-11e1-b1ed-cc9a37f1efe6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee7717bd-378d-11e1-b1ed-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7717bd-378d-11e1-b1ed-001e101f82a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ee7717e3-378d-11e1-b1ed-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7717e3-378d-11e1-b1ed-001e101f82a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

:Files
ipconfig /flushdns /c
:Commands
[REBOOT]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
Die von uns empfohlene Methode um deine Daten zu retten:
Posting #6:-> http://www.trojaner-board.de/116961-...tml#post843418
mach das bitte jetzt!

nettchen · 11.06.2012, 16:35

wo kann ich die avira toolbar finden, habe bei firefox downloads geschaut und unten bei start eingegeben avira und einzeln toolbar sowie zusammenhängend ...finde es nicht und C:Klimt - Downloads ist nur avira-antivir-personal drin...ist dass, das?

kira · 11.06.2012, 17:03

gehe auf "Start > Systemsteuerung > Programme deinstallieren"

nettchen · 11.06.2012, 17:22

Kira ich find hier nichts

Also die AviraFreeSearch Toolbar ist in Downloads C: und Firefox nicht drin und geb ich Avira bei "Start" unten ein kommt nur a)im Internet b)hilfe c)jetzt starten wo finde ich das?

Dann zu Punkt 2: was ich löschen/deinstallieren soll war bei Sys-Steuerung Programme u Funktionen und ich finde da absolut nichts das einzige was drin war, war "BingBar" ...mhh ok steht nicht bei Dir drin ...ups...aber es war mit B...

naja das fehlt jetzt ...schlimm ...
Ich kann Dir das leider net kopieren was bei SYS alles drin steht ...aber ich habs Dir abgetippt: schau mal ... aber da ist ne QuickToolbar drin ...naja sieh selbst ich such hier nur nach Worten...

Code:

ATTFilter

Windows Treiberpacket
Windows Live
Welcome Center
Uncompressor
Realtek Audio Driver
QuickStoreToolbar 1.0.0
PhotoScape
phonostar Player
PDF Creator
PC Connectivity Solution
Paint.NET
Open Office.org 3.2
NVIDIA Driver + N. ForcePack Network Access Manager  (2x)  
Netgar wireless adapter
Nero 9 Essentials
MSXML SP2 (KB964430) + M. SP2 (KB973688)
Mozilla Firefox
Mobile Partner - Internetstick- das weiss ich 
Microsoft Works
Microsoft Visual C++ 2010 
Microsoft Visual C++ 2008 ( insgesamt 13x)
Microsoft Visual C++2005  (insgesamt 5x)
Microsoft Silverlight
Microsoft Office
Microsoft.NET Framework 4 (insgesamt 4x)
Malwarebytes
Java TM 6 Update 31
Java TM 6 Update 31 (64bit)
HP - Drucker weiss ich auch
File Helper 2.5.4.1
jetzt kommen emaschines einträge
Ebay worldwide
Avira Free Antivirus
ATI Catalyst Install Manager
Adobe ShockwavePlayer
Adobe Reader X (10.1.3) Deutsch
Adobe Flash Player 11 Plugin 64bit
Adobe Flash Player 11 ActiveX 64bit
Adobe Air

Hi Kira,

irgendwie will hier heut nix klappen

hab schon mal weiter gemacht und OLT als Adm. laufen lassen mit kopierten Logfile, PC startete NEU und jetzt habe 6 im schatten stehende Textdokumente namen u.a: NTUSER.DAT ABER:
ich darf sie nicht "Ausschneiden" - muss ja alles per USB Stick übertragen auf das netbook an ich sitze) weil es wohl wichtige SYS Dateien sind und wenn ich sie dem PC "wegnehme" das alles nicht mehr so funktioniert - so die meldung...jetzt habe ich sie halt auf USB "kopiert" doch der USB zeigt die Text-Dokumente nur an wenn ich den USB an dem PC anschliesse, schliesse ich den USB am netbook an, zeigt er nichts an .... und nun?

tut mir leid Kira Dir hier heute nur: "geht nicht" präsentieren zu müssen... wünsch mir auch es liefe anders ...

Ganz lieben Gruss und Dank an Deine Geduld und Ausdauer hier mit mir

(mal nen Blümchen überreicht)

So nachdem ich ja den Logfile Scan gemacht habe, nur die txt Dat Dateien nicht rüberkopieren kann, habe ich wie vorgegeben den OLT Scan erneut laufen lassen mit den "sonderhäcken"

Nach Logfile = Benutzerdefinierte Scan =

Code:

ATTFilter

OTL logfile created on: 11.06.2012 20:10:55 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = K:\alles zu OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,61% Memory free
6,00 Gb Paging File | 4,86 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,41 Gb Total Space | 848,74 Gb Free Space | 92,31% Space Free | Partition Type: NTFS
Drive F: | 15,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 3,71 Gb Total Space | 3,69 Gb Free Space | 99,55% Space Free | Partition Type: FAT32
 
Computer Name: KLIMT-PC | User Name: Klimt | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 12:45:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- K:\alles zu OTL\OTL.exe
PRC - [2012.05.22 19:22:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.22 19:22:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\desktop\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========

ps: ich wünsche Dir / Euch noch einen schönen Abend

kira · 12.06.2012, 15:56

bevor etwas schief läuft:
bitte hol dir am besten jemand der nur ein bisschen mehr Ahnung hat bzw bei die Anweisungen hilft! Ich meine das ernst

Wie habe in Teilschritten bei der Datei-Entschlüsselung vorzugehen?

Log-Analyse und Auswertung: Wie habe in Teilschritten bei der Datei-Entschlüsselung vorzugehen?