|
Plagegeister aller Art und deren Bekämpfung: SMART HDD Schwierigkeiten bei der EntfernungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.06.2012, 17:47 | #16 |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der Entfernung aaaaa, das was anderes Anderen USB Slot versucht ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
20.06.2012, 18:11 | #17 |
| SMART HDD Schwierigkeiten bei der Entfernung das habe ich nicht, ......aber soeben entdeckt, dass ich das tool auch im normalen modus vom stick starten KÖNNTE.... ist das sinnvoll? geht das auch? oder reparaturmodus, wie beschrieben und versuch eines anderen slots?
__________________danke! |
20.06.2012, 21:19 | #18 |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der Entfernung Nein, das Tool ist nicht für den Normalmodus entwickelt.
__________________
__________________ |
21.06.2012, 19:59 | #19 | |
| SMART HDD Schwierigkeiten bei der Entfernung Guten Abend Daniel, es hat funktioniert. Hier der Inhalt der erstellten frst.txt Datei: Zitat:
|
22.06.2012, 07:06 | #20 | |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der EntfernungStarte bitte FRST erneut. Diesmal schreibe in die Search: Box folgendes Zitat:
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
22.06.2012, 07:56 | #21 | |
| SMART HDD Schwierigkeiten bei der Entfernung Guten Morgen, kurze Nachfrage: meinst Du mit "SearchBox" das fenster welches sich NACH dem Start durch j:\frst64.exe öffnet und wo ich das erste mal "scan" geklickt habe? Danke! ich habe es nun verstanden: also hier das ergebnis: Zitat:
|
22.06.2012, 09:57 | #22 |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der Entfernung Gefällt mir nicht :/ Welche Probleme sind eigentlich noch vorhanden. Die Logfile sieht ganz gut aus. Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
22.06.2012, 10:21 | #23 |
| SMART HDD Schwierigkeiten bei der Entfernung TDSS hat nichjts gefunden, ein Log kann ich nirgends finden. Ich hatte das Programm bereits gespeichert und gerade upgedatet. Es lief bereits letzte Woche gemäß den Anleitungen hier. Auch damals keine Funde, kein Log, jedenfalls nihct gefunden. Im Moment sind für mich als ANWENDER keine Probleme im Betrieb erkennbar. Es ist folgendes nach der Infektion aufgefallen: 1. Ich habe eine drive and go externe Festplatte am Rechner. Dorthin sichert Windows immer Sonntags. Die letzte Sicherung ist gescheitert. Windows meldet: Fehler beim Lesen aus der Schattenkopie auf einem der zu sichernden Volumes. Fehlercode: 0x81000037 2. Nach der Infektion werden auf dieser Festplatte neben dem Sicherungsordner keine weiteren Dateien/Ordner mehr angezeigt; es handelt sich im wesntlichen um Bilder und Videos Während meinen bereinigungversuchen nach der hiesigen Anleitung war die Platte vom Rechner getrennt; auch als unhide.exe lief, das die Dateien hier wieder umfänglich sichtbar gemacht hat. Ansonsten fällt mir nichts auf. Beste Grüße! BTW: Ich habe Logs der Scans und Bereinigungen von Mallwarebyts und RougeKiller, die ich angewendet habe; sind diese (noch) von Interesse? Geändert von moloko (22.06.2012 um 10:29 Uhr) |
22.06.2012, 10:37 | #24 | |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der EntfernungZitat:
Geht nämlich darum, dass ein Treiber, welcher sehr wahrscheinlich für dies zuständig ist, fehlt. Poste mir mal bitte die aktuellste Logfile von RogueKiller Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s %windir%\installer\*. /5 %localappdata%\*. /5 /md5start services.exe user32.dll iastor.* /md5stop CREATERESTOREPOINT
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
22.06.2012, 10:50 | #25 |
| SMART HDD Schwierigkeiten bei der Entfernung ddie platte heißt so. das ist eine gewöhnliche ext. platte mittel steckmodul und schine auf der oberseite des gehäuses platziert..... tdss hat übrigens einen ziemlich langen report wohl erstllt, den kann ich aber nur ansehen nicht mittels rechtsklick kopieren aber... hier zunächst die gewünschten logs von rougekiller: Code:
ATTFilter ogueKiller V7.5.4 [06/07/2012] durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: hxxp://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Ernst & Gogg [Admin Rechte] Funktion: Scannen --Datum: 06/13/2012 21:53:16 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Registry-Einträge: 7 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> FOUND [SUSP PATH] HKLM\[...]\Run : JAVA (C:\Windows\java.vbs) -> FOUND [SUSP PATH] HKUS\S-1-5-21-2881200875-1395689310-235358202-1001[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++ --- User --- [MBR] bade5fca886393466c3abe2c4d96c73e [BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[1].txt >> RKreport[1].txt Code:
ATTFilter RogueKiller V7.5.4 [06/07/2012] durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: hxxp://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Ernst & Gogg [Admin Rechte] Funktion: Entfernen --Datum: 06/13/2012 21:54:23 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Registry-Einträge: 6 ¤¤¤ [SUSP PATH] HKCU\[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> DELETED [SUSP PATH] HKLM\[...]\Run : JAVA (C:\Windows\java.vbs) -> DELETED [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++ --- User --- [MBR] bade5fca886393466c3abe2c4d96c73e [BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Code:
ATTFilter RogueKiller V7.5.4 [06/07/2012] durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: hxxp://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Ernst & Gogg [Admin Rechte] Funktion: Scannen --Datum: 06/13/2012 21:56:03 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Registry-Einträge: 0 ¤¤¤ ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Infektion : ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++ --- User --- [MBR] bade5fca886393466c3abe2c4d96c73e [BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt Code:
ATTFilter RogueKiller V7.5.4 [06/07/2012]durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: hxxp://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Ernst & Gogg [Admin Rechte] Funktion: Reparierte Verknüpfungen --Datum: 06/13/2012 21:57:17 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Dateiattribute wiederhergestellt: ¤¤¤ Desktop: Success 0 / Fail 0 Schnellstart: Success 0 / Fail 0 Programme: Success 2 / Fail 0 Startmenü: Success 0 / Fail 0 Benutzer Ordner: Success 109 / Fail 0 Eigene Dateien: Success 0 / Fail 0 Mein Favoriten: Success 0 / Fail 0 Meine Bilder: Success 0 / Fail 0 Meine Musik: Success 1532 / Fail 0 Meine Videos: Success 0 / Fail 0 Lokale Laufwerke: Success 37 / Fail 0 Sicherungskopie: [FOUND] Success 0 / Fail 227 Laufwerke: [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored [E:] \Device\CdRom0 -- 0x5 --> Skipped [F:] \Device\HarddiskVolume5 -- 0x2 --> Restored [G:] \Device\HarddiskVolume6 -- 0x2 --> Restored [H:] \Device\HarddiskVolume7 -- 0x2 --> Restored ¤¤¤ Infektion : Rogue.FakeHDD ¤¤¤ Abgeschlossen : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt grüße |
22.06.2012, 11:23 | #26 |
| SMART HDD Schwierigkeiten bei der Entfernung ...und hier also die otl-logs. ..... [CODE] OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/22/2012 12:07:30 PM - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Ernst & Gogg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.36% Memory free 8.00 Gb Paging File | 6.15 Gb Available in Paging File | 76.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1366.17 Gb Total Space | 1083.14 Gb Free Space | 79.28% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 10.37 Gb Free Space | 34.58% Space Free | Partition Type: NTFS Drive I: | 465.65 Gb Total Space | 194.47 Gb Free Space | 41.76% Space Free | Partition Type: FAT32 Drive J: | 1.92 Gb Total Space | 1.20 Gb Free Space | 62.52% Space Free | Partition Type: FAT Computer Name: MEDION01 | User Name: Ernst & Gogg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/22 12:05:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe PRC - [2012/06/05 08:28:06 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/17 13:04:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012/01/04 14:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010/11/17 19:53:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/04/17 13:04:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe MOD - [2012/02/01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll MOD - [2012/02/01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll MOD - [2012/02/01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll MOD - [2012/02/01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll MOD - [2012/02/01 09:12:14 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012/02/01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/11/11 04:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/06/13 08:26:35 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/11/11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/09/24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/06/17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/06/14 11:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/05/15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/05/15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE420 IE - HKCU\..\SearchScopes\{AAF08C6E-80BB-469E-8A50-15A07B470FD6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE420 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/02 13:47:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/02 13:47:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/22 09:44:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/05 08:28:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/22 09:44:26 | 000,000,000 | ---D | M] ========== Chrome ========== O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968D1D2D-689F-407A-9952-71D7A2706EF2}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/22 12:05:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe [2012/06/22 11:37:32 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe [2012/06/22 06:51:24 | 000,000,000 | ---D | C] -- C:\FRST [2012/06/20 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Documents\OneNote-Notizbücher [2012/06/15 11:29:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ernst & Gogg\Desktop\dds.com [2012/06/13 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Desktop\RK_Quarantine [2012/06/13 21:08:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ernst & Gogg\Desktop\unhide.exe [2012/06/13 18:37:02 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Local\Threat Expert [2012/06/13 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012/06/13 16:58:50 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012/06/13 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012/06/13 16:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\TestApp [2012/06/13 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/06/13 16:35:55 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012/06/13 16:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/06/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/06/13 16:34:44 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe [2012/06/13 15:45:32 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\Malwarebytes [2012/06/13 15:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/13 15:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/13 15:45:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/13 15:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/13 15:44:54 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe [2012/06/13 13:48:51 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012/06/13 08:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Desktop\Fehlerberichte [2012/06/05 08:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/06/05 08:28:08 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/06/05 08:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2011/03/02 11:27:39 | 000,359,936 | ---- | C] (SHI Elektronische Medien GmbH) -- C:\Users\Ernst & Gogg\IPView.exe [2011/03/02 11:19:57 | 000,167,936 | ---- | C] (ADVOLINE GmbH & Co. KG) -- C:\Users\Ernst & Gogg\progset.exe [2011/03/02 11:19:57 | 000,144,384 | ---- | C] (Verlag Dr. Otto-Schmidt) -- C:\Users\Ernst & Gogg\Formularpraxis.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/22 12:05:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe [2012/06/22 11:37:38 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe [2012/06/22 11:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/22 11:30:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/22 11:04:21 | 002,109,806 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.zip [2012/06/22 10:56:29 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/22 10:56:29 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/22 10:49:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/22 10:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/22 10:48:55 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys [2012/06/20 18:41:19 | 000,001,387 | ---- | M] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012/06/19 17:05:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/19 17:05:12 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/06/19 17:05:12 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/19 17:05:12 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/06/19 17:05:12 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/15 11:29:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ernst & Gogg\Desktop\dds.com [2012/06/13 23:37:31 | 000,426,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 21:52:55 | 001,521,152 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe [2012/06/13 21:08:29 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ernst & Gogg\Desktop\unhide.exe [2012/06/13 19:58:16 | 001,012,656 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\iExplore.exe [2012/06/13 19:11:09 | 000,000,702 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk [2012/06/13 16:34:46 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe [2012/06/13 16:33:12 | 001,012,656 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\rkill.com [2012/06/13 16:13:16 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/13 15:45:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe [2012/06/13 13:49:54 | 000,001,060 | ---- | M] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/13 13:49:18 | 000,001,042 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\Dropbox.lnk [2012/06/05 08:28:32 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2012/06/05 08:28:32 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/06/05 08:28:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/22 11:04:14 | 002,109,806 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.zip [2012/06/20 18:41:19 | 000,001,387 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012/06/13 21:52:41 | 001,521,152 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe [2012/06/13 21:15:03 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/13 19:58:16 | 001,012,656 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\iExplore.exe [2012/06/13 19:11:09 | 000,000,702 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk [2012/06/13 16:23:05 | 001,012,656 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\rkill.com [2012/06/13 16:07:06 | 000,002,581 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/06/13 16:07:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/06/13 16:07:06 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/06/13 16:07:06 | 000,002,448 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/06/13 16:07:06 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012/06/13 16:07:06 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012/06/13 16:07:06 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2012/06/13 16:07:06 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012/06/13 16:07:06 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2012/06/13 16:07:06 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/06/13 16:07:06 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2012/06/13 16:07:06 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\MEDION Serviceportal.lnk [2012/06/13 16:07:06 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONhome.lnk [2012/06/13 16:07:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/06/13 16:07:06 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012/06/13 16:07:06 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Formularpraxis - Verlag Dr. Otto Schmidt.lnk [2012/06/13 16:07:06 | 000,001,601 | ---- | C] () -- C:\Users\Public\Desktop\Gebührenformulare.lnk [2012/06/13 16:07:06 | 000,001,596 | ---- | C] () -- C:\Users\Public\Desktop\Handbuch des Wohnungseigentumsrechts.lnk [2012/06/13 16:07:06 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\Praxismodul Arbeits- und Sozialversicherungsrecht.lnk [2012/06/13 16:07:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/06/13 16:07:06 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012/06/13 16:07:06 | 000,001,421 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012/06/13 16:07:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012/06/13 16:07:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012/06/13 16:07:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/06/13 16:07:06 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012/06/13 16:07:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/06/13 16:07:06 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2012/06/13 16:07:06 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012/06/13 16:07:06 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012/06/13 16:07:06 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk [2012/06/13 16:07:06 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2012/06/13 16:07:06 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\7-PDF Maker.lnk [2012/06/13 16:07:06 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/06/13 16:07:06 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk [2012/06/13 16:07:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/06/13 16:07:06 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Versandhelfer.lnk [2012/04/17 13:04:08 | 000,000,417 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\dpdhl.versandhelfer.medionpc_state.xml [2011/12/25 17:09:41 | 000,000,848 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/04/26 21:25:36 | 002,882,748 | ---- | C] () -- C:\Users\Ernst & Gogg\Datenrettung Verbatim v. 26.04.2011.st3 [2011/04/03 14:49:03 | 000,000,056 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Win-NeKo.ini [2011/03/02 11:42:09 | 000,118,272 | ---- | C] () -- C:\Users\Ernst & Gogg\Gebührenformulare.dot [2011/03/02 11:42:09 | 000,005,064 | ---- | C] () -- C:\Users\Ernst & Gogg\Gebührenformulare.INI [2011/03/02 11:42:07 | 000,077,409 | ---- | C] () -- C:\Users\Ernst & Gogg\Uninst.isu [2011/03/02 11:42:07 | 000,073,174 | ---- | C] () -- C:\Users\Ernst & Gogg\Readme.pdf [2011/03/02 11:30:18 | 000,000,313 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2011/03/02 11:27:39 | 000,626,456 | ---- | C] () -- C:\Users\Ernst & Gogg\setup.bmp [2011/03/02 11:27:39 | 000,567,913 | ---- | C] () -- C:\Users\Ernst & Gogg\userinfo.rtf [2011/03/02 11:27:39 | 000,374,922 | ---- | C] () -- C:\Users\Ernst & Gogg\IPview.spl [2011/03/02 11:27:39 | 000,015,624 | ---- | C] () -- C:\Users\Ernst & Gogg\shiinfo.rtf [2011/03/02 11:27:39 | 000,011,231 | ---- | C] () -- C:\Users\Ernst & Gogg\userinfo_lang.rtf [2011/03/02 11:27:39 | 000,009,260 | ---- | C] () -- C:\Users\Ernst & Gogg\IPview.mod [2011/03/02 11:27:39 | 000,005,709 | ---- | C] () -- C:\Users\Ernst & Gogg\orderinfo.rtf [2011/03/02 11:27:39 | 000,000,434 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintHeader.ptm [2011/03/02 11:27:39 | 000,000,340 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintBody.ptm [2011/03/02 11:27:39 | 000,000,227 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintFooter.ptm [2011/03/02 11:27:38 | 000,880,128 | ---- | C] () -- C:\Users\Ernst & Gogg\htmvwrap.dll [2011/03/02 11:27:38 | 000,020,216 | ---- | C] () -- C:\Users\Ernst & Gogg\Deubner.bmp [2011/03/02 11:27:38 | 000,005,040 | ---- | C] () -- C:\Users\Ernst & Gogg\hotlineinfo.rtf [2011/03/02 11:19:57 | 000,048,390 | ---- | C] () -- C:\Users\Ernst & Gogg\Allgemeine Bedienungshinweise.pdf [2011/03/02 10:06:25 | 000,006,656 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/27 18:13:02 | 000,000,943 | ---- | C] () -- C:\Users\Ernst & Gogg\Eigene Dokumente - Verknüpfung.lnk [2010/12/03 20:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/12/03 20:12:37 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/11/09 16:41:29 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe ========== LOP Check ========== [2011/03/24 08:52:29 | 000,000,000 | --SD | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\.# [2011/03/02 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\7-PDFMaker [2011/02/27 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\ALDI_SUED_Mah_Jong [2011/03/01 22:42:00 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012/06/22 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox [2011/02/28 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Foxit Software [2011/12/05 20:52:35 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\kock [2012/02/22 09:45:05 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia [2011/03/02 10:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia Ovi Suite [2012/02/22 10:00:53 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia Suite [2011/03/02 10:01:06 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\PC Suite [2012/06/13 16:58:26 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\TestApp [2011/06/05 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Windows Live Writer [2011/06/08 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Workshop [2011/12/09 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\xmldm [2011/06/02 21:04:37 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/02/21 19:31:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/12/29 17:59:28 | 000,000,000 | ---D | M] -- C:\CanoScan [2011/02/27 16:05:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012/06/22 06:52:06 | 000,000,000 | ---D | M] -- C:\FRST [2012/06/14 16:08:04 | 000,000,000 | ---D | M] -- C:\GVService [2011/02/27 23:09:53 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012/06/13 16:35:55 | 000,000,000 | R--D | M] -- C:\Program Files [2012/06/13 17:04:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/06/13 21:16:50 | 000,000,000 | ---D | M] -- C:\ProgramData [2011/02/27 16:05:08 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/06/13 16:55:52 | 000,000,000 | ---D | M] -- C:\sh4ldr [2012/06/22 12:09:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/06/13 15:24:35 | 000,000,000 | R--D | M] -- C:\Users [2012/06/14 21:13:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012/06/20 18:41:08 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Local\Microsoft [2012/06/22 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Local\Temp < MD5 for: IASTOR.SYS[1].HTM > [2012/06/22 09:40:54 | 000,025,298 | ---- | M] () MD5=B7825CAC387CD914C1E7E15DBF97F857 -- C:\Users\Ernst & Gogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4BUG8CL\iastor.sys[1].htm < MD5 for: SERVICES.EXE > [2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report > Code:
ATTFilter TL Extras logfile created on: 6/22/2012 12:07:30 PM - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Ernst & Gogg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.36% Memory free 8.00 Gb Paging File | 6.15 Gb Available in Paging File | 76.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1366.17 Gb Total Space | 1083.14 Gb Free Space | 79.28% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 10.37 Gb Free Space | 34.58% Space Free | Partition Type: NTFS Drive I: | 465.65 Gb Total Space | 194.47 Gb Free Space | 41.76% Space Free | Partition Type: FAT32 Drive J: | 1.92 Gb Total Space | 1.20 Gb Free Space | 62.52% Space Free | Partition Type: FAT Computer Name: MEDION01 | User Name: Ernst & Gogg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A7E774-2626-439B-AD22-5D3DD84F58BA}" = lport=2869 | protocol=6 | dir=in | app=system | "{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{09A801D6-50CD-4DAB-861B-C99B081434C8}" = rport=137 | protocol=17 | dir=out | app=system | "{0AECE74E-12C4-48AF-A42C-78352A9D14E0}" = lport=137 | protocol=17 | dir=in | app=system | "{0DF974C6-A309-4DD5-83ED-310D86AE5037}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{133F6850-AD5C-4F4E-8853-ACB742D35E39}" = rport=139 | protocol=6 | dir=out | app=system | "{24B242EE-8380-4A98-B5FC-9E229E39788C}" = lport=10243 | protocol=6 | dir=in | app=system | "{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4AF79DF7-63C1-4463-979C-8A2F3462F7BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B1C21F8-D731-4AA6-A189-72E135FEA635}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{51326300-E8DF-4607-A38C-F57E95241503}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{524F2F30-6BF6-464B-8849-5D007BFCA14E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B7DD138-1BC3-436F-9FE7-3A242A4EC721}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B495AFB-A6B1-4266-8DAD-1BEE10CA6242}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8E7E13F8-981D-4018-8A08-E5822D94515C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97EFAC1A-503E-441B-872E-7D5910C25FFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9882EF55-4D73-4800-867B-1426BEAC9A58}" = lport=445 | protocol=6 | dir=in | app=system | "{9ACC7435-500D-48E4-AC83-5B917A55DC7B}" = rport=445 | protocol=6 | dir=out | app=system | "{A8BB59F2-F5D8-4A74-ADCC-72E55EDAD6E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B5C106DF-47FE-498E-AA04-EBB2645B6089}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B610479A-E4E9-420A-B5E2-332B708C3AC4}" = lport=138 | protocol=17 | dir=in | app=system | "{BDFC4105-FA73-46E8-B7ED-374BA5D79F0F}" = lport=139 | protocol=6 | dir=in | app=system | "{C33B4BED-531A-4C45-842E-EFD54114C549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA24C114-83BC-4D33-B0BB-659A8A7E3FBA}" = rport=10243 | protocol=6 | dir=out | app=system | "{CA2BCC48-4ED6-44AD-B96F-26CBF53B2EB4}" = rport=138 | protocol=17 | dir=out | app=system | "{E4231910-69D8-4E6F-8758-EC353B25EB8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CBAF39-0FE4-4319-BBF6-4315C639D57F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0B3CDE2F-5C09-4148-9706-501AE245924B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0B984603-72F5-415B-8070-4C77CB80EE69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{20F83367-4815-497E-A2B4-FC287EEE2C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{27C34A10-592F-4EEC-AE45-CCDA49583AC2}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{284AA70A-4051-47D3-8DFE-4B0E486EBEE3}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{2BF0CAD7-4B88-4D75-9AA7-5F19D1D4C2DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2DEA938F-24C3-4079-82E3-4DFC92FC5C90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33CA17C1-5DEC-45BE-B9E4-B9180888C964}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{41F03C25-22D0-4295-9000-45755D873EAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4DB1CC2D-07A4-47FB-9803-7ECDDAF9D960}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{4ED9336E-4A7C-4AA0-A838-757B9997DDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5519D5B6-C5B5-49FF-AA82-02E2760D9BD9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{61044752-8B12-4C75-84EA-94D12D3A57D5}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{61454908-70C1-4701-B590-AD9CE97BA5F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{65F857F3-C7FF-46BD-B524-94616FA082FF}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{6F93146A-FD2C-45BD-A580-DB6B12B675F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{73E6AB5C-9219-4A7F-BC16-A1E9AA19816D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{80D3E5B7-A947-4D67-9479-E6538F70973F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{86F819C3-50BE-42C6-AAAF-34F36D4A157E}" = protocol=17 | dir=in | app=c:\users\ernst & gogg\appdata\roaming\dropbox\bin\dropbox.exe | "{9559CE61-4543-4364-BD42-AF6A6A717DD2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9F7F8FDD-5F01-4F46-96B2-9EA1F197E47C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{9FB45734-DA66-4BE9-A955-C0DDCE84D92B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A182B99C-B815-439E-A3E8-A2E07C5EC7FF}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{AA9A893D-B365-4E7B-B951-6D4A8DB74062}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ACB484BA-8183-465A-822A-1012C8D473D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3B2D670-70D9-46A8-BB96-DD9905D041DE}" = protocol=6 | dir=in | app=c:\users\ernst & gogg\appdata\roaming\dropbox\bin\dropbox.exe | "{C3D36546-204E-4CD1-996F-A1A008ADFA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1BC93E1-DD84-4C07-A540-76638495AA7F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F1DF4B45-5F5C-45B2-88AF-A19DBA5AD722}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F965331D-4AFF-4DFC-8ACC-9F874BBA8F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF298CEA-641A-4C84-9ED5-50BDC8005E6B}" = protocol=6 | dir=out | app=system | "TCP Query User{79D71088-8F63-4555-B706-8F7A0F691F7A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{FF6B45C2-EF7C-4F17-9A8A-65FBF218606D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{6AEF1CB7-972F-444B-8F13-6FA6AFD88FA3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{7CFAEACB-ACA4-43AB-A8DA-4E37A7C8A934}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64 "{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5479F9EC-5D71-CB4F-7091-3BF696F82035}" = ATI Catalyst Install Manager "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista "{06036391-62EB-2F47-A780-A9E1C21B4362}" = Versandhelfer "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{49CB6744-E778-406C-91CD-F583B9AF4656}" = Formularpraxis - Verlag Dr. Otto Schmidt "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack "{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Ashampoo Snap_is1" = Ashampoo Snap "Avira AntiVir Desktop" = Avira Free Antivirus "DEUBNER VERLAG HANDBUCH DES WOHNUNGSEIGENTUMSRECHTS 1_0" = Deubner Verlag Handbuch des Wohnungseigentumsrechts 1.0 "DEUBNER VERLAG PRAXISMODUL ARBEITS_ UND SOZIALVERSICHERU 1_0" = Deubner Verlag Praxismodul Arbeits- und Sozialversicheru 1.0 "DivX Setup.divx.com" = DivX-Setup "dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer "Foxit Reader" = Foxit Reader "Gebührenformulare" = Gebührenformulare "Google Chrome" = Google Chrome "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Nokia PC Suite" = Nokia PC Suite "Nokia Suite" = Nokia Suite "Office14.SingleImage" = Microsoft Office Home and Student 2010 "RealPlayer 15.0" = RealPlayer "VLC media player" = VLC media player 1.1.9 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "Winmail Opener" = Winmail Opener 1.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "GVService" = GVService ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/21/2012 8:00:34 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2/22/2012 3:58:05 AM | Computer Name = Medion01 | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ernst & Gogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL2VP5EE\SoftonicDownloader_fuer_nokia-pc-suite.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 2/22/2012 7:31:10 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2/22/2012 7:33:01 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\ernst & gogg\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ZL2VP5EE\softonicdownloader_fuer_nokia-pc-suite.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 2/24/2012 1:33:35 PM | Computer Name = Medion01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d762323 Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version: 11.1.102.62, Zeitstempel: 0x4f39bfea Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000142519 ID des fehlerhaften Prozesses: 0x21d0 Startzeit der fehlerhaften Anwendung: 0x01ccf2cd26dda8c9 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx Berichtskennung: ad5d0d13-5f0d-11e1-aaee-6c626dc178d5 Error - 2/25/2012 9:51:43 AM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2/26/2012 7:30:40 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 2/29/2012 4:32:09 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d762323 Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version: 11.1.102.62, Zeitstempel: 0x4f39bfea Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000076812c ID des fehlerhaften Prozesses: 0x1980 Startzeit der fehlerhaften Anwendung: 0x01ccf6b36f737d8e Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx Berichtskennung: de05accb-62af-11e1-a5a7-6c626dc178d5 Error - 3/4/2012 8:25:25 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d762323 Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version: 11.1.102.62, Zeitstempel: 0x4f39bfea Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000559d30 ID des fehlerhaften Prozesses: 0x2080 Startzeit der fehlerhaften Anwendung: 0x01ccf9e4eb032847 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx Berichtskennung: 1e53364d-65f5-11e1-a5a7-6c626dc178d5 Error - 3/5/2012 3:29:28 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d762323 Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version: 11.1.102.62, Zeitstempel: 0x4f39bfea Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000007682e1 ID des fehlerhaften Prozesses: 0x1658 Startzeit der fehlerhaften Anwendung: 0x01ccfa98220ea4b8 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx Berichtskennung: f0daf539-6694-11e1-a5a7-6c626dc178d5 [ System Events ] Error - 6/19/2012 3:01:27 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 6/19/2012 3:01:44 AM | Computer Name = Medion01 | Source = DCOM | ID = 10005 Description = Error - 6/19/2012 3:01:44 AM | Computer Name = Medion01 | Source = DCOM | ID = 10005 Description = Error - 6/22/2012 4:50:49 AM | Computer Name = Medion01 | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
23.06.2012, 05:55 | #27 |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der Entfernung Ist das ein Rechner einer Rechtsanwaltskanzlei ? Wenn ja, würde ich ihn neu aufsetzen. Deine Entscheidung, ich sag nur, dass es mehr Arbeit sein wird, da soviel schon selber rumgepfuscht wurde und ob ich jetzt alles Finde, ist die andere Sache.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
23.06.2012, 07:53 | #28 |
| SMART HDD Schwierigkeiten bei der Entfernung Hallo Daniel, ja, es ist EIN (mein) Einzelarbeitsplatz der Kanzlei; derzeit und im Zeitpunkt der Infektion nicht an ein Netzwerk angeschlossen. Er wird beruflich aber auch privat genutzt. Sensible Daten sind alle mehrfach gesichert; es wäre also grds. möglich den Rechner neu aufzusetzen. Bevor ich das entscheide: Kannst Du noch kurz erläutern was "mehr "Arbeit" bedeutet und welches Ausmaß und Bedeutung der "Pfusch" hat; insbesondere: ist erkennbar ob der Rechner (noch) infiziert ist, oder ob "lediglich"" Sicherheitslücken bestehen? Was wäre möglicherwiese"zu finden" , bzw. wonach wäre zu suchen? Vielen Dank für Deine Bemühungen und vor allem für die klaren Statements. Dieter und aus gegebenem Anlass: gerade habe ich (ohne Anlass) einen mbam quick -scan nach update laufen lassen mit diesem Ergebnis Code:
ATTFilter Datenbank Version: v2012.06.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ernst & Gogg :: MEDION01 [Administrator] Schutz: Aktiviert 23.06.2012 09:05:31 mbam-log-2012-06-23 (09-05-31).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213887 Laufzeit: 3 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Geändert von moloko (23.06.2012 um 08:22 Uhr) |
23.06.2012, 08:43 | #29 |
/// Selecta Jahrusso | SMART HDD Schwierigkeiten bei der Entfernung Pfusch war vl der falsche Ausdruck. Ich steh halt nicht auf diese "Wie entfernen sie blabla" Anleitungen auch wenn Malwarebytes und Co sehr gut darin sind. Es gibt ja durchaus Gründe, warum wir hier jeden einzelnen User behandeln. Gäbe es All in One Anleitungen, wäre ich hier wahrscheinlich sinnlos Ich sehe keine Anweisung von mir, MBAM erneut laufen zu lassen. Der Fund ist im Grunde nichts mehr, gehört nur zu einer Infektion. Mehrarbeit bedeutet einfach, dass wir jetzt mal den Fehlenden Treiber finden müssen, wozu wir wahrscheinlich eine Win DVD brauchen, da ich keine Kopie auf deinem System finden kann. Dann muss ich mal herausfinden, was dafür verantwortlich ist, warum auf die VSS nicht zugegriffen werden kann ..... Darum, ich sage einfach CD rein, davon booten, neu installieren, Datensicherung einspielen = alles wie vorher, 100% cleanes System. Arbeit auf eine gute Stunde, wobei ne halbe Stunde davon sowieso die Windows Installation für dich arbeitet. Ich seh das jetzt mal aus wirtschaftlicher Sicht. ( bei Freunden, die ne Datensicherung haben, mach ich es nicht anders )
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
26.06.2012, 07:51 | #30 |
| SMART HDD Schwierigkeiten bei der Entfernung Hallo Daniel; ich verstehe. Allerdings fand ich bei meinem Erstkontakt hier bereits die schematischen Lösungsansätze ausgesprochen hilfreich; immerhin konnte der Rechner damit innerhalb kurzer Zeit wieder benutzt werden - und bis heute ohne weitere sichtbare Vorkommnisse. Die individuelle Problembehandlung habe ich derart engagiert gar nicht erwartet; ganz unabhängig von meiner Sache dafür großen Respekt und vielen Dank. Ich denke i.M. noch nach, was ich tun werde. Gesichert sind die beruflichen Daten, nicht vollständig jedoch leider das Private was hier liegt; das hätte ich dann noch nachzuholen.... andererseits interessiert mich die Problembehandlung, für Euch Alltag; für mich sehr aufschlussreich und spannend...sofern das im Rahmen Deiner zeitlichen Inanspruchnahme hier möglich ist, denke ich deshalb - ganz unabhängig von meinen wirtschaftlichen Erwägungen - darüber nach, diese Problembehandlung fortzuführen und wenn möglich zu Ende zu bringen. Wärst Du dazu bereit? Grüße! Dieter Geändert von moloko (26.06.2012 um 08:11 Uhr) |
Themen zu SMART HDD Schwierigkeiten bei der Entfernung |
abgesicherte, abgesicherten, alter, anleitung, bereits, bricht, desktop, entfernung, forum, gespeichert, guten, iexplore, leitung, löschen, mehrfach, modus, sekunden, smart, start, starte, startet, versucht, wenige, zusammen, zwischen |