|
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsseltWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.06.2012, 11:34 | #1 |
| Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt Hallo Ich habe mir vorgestern einen Verschlüsselungstrojaner eingefangen. Via email-Anhang. ( Vermeindliche Rechnung) Nachdem der Ukash-Bildschirm erschien, bin ich in den abgesicherten Modus und habe Avira laufen lassen. Dieser fand dann folgende Übeltäter: TR/Agent.47104-L TR/Matsnu.A.67 EXP/CVE-2011-3544 EXP/2010-0840.CM EXP/JAVA.Ternub.Gen EXP/CVE-0840.HE EXP/CVE-2011-3544.CF EXP/JAVA.Coniz.Gen EXP/CVE-2010-0840 Ich habe anschließend die Funde entfernt. Der Rechner fuhr ganz normal hoch, aber seither sind sämtliche Dateien ohne " Locked" verschlüsselt. Eine Sytemwiederherstellung änderte nichts daran. Ich habe dann alle hier empfohlenen Programme getestet. Ohne Erfolg. Jetzt habe ich OTL scannen lassen. Hier nun die Ergebnisse: OTL logfile created on: 14.06.2012 12:06:32 - Run 4 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Hans-Peter\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 40,87% Memory free 7,73 Gb Paging File | 5,04 Gb Available in Paging File | 65,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,58 Gb Total Space | 339,83 Gb Free Space | 75,09% Space Free | Partition Type: NTFS Drive D: | 12,88 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 94,93 Mb Free Space | 95,87% Space Free | Partition Type: FAT32 Drive F: | 2,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HANS-PETER-PC | User Name: Hans-Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 10:22:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe PRC - [2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe PRC - [2012.05.14 22:10:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.05.08 19:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:41:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:41:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.26 11:24:58 | 001,516,600 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.09.29 13:44:32 | 001,756,232 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.02.12 18:50:47 | 000,729,488 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2006.09.26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files (x86)\Common Files\aol\1297545160\ee\aolsoftware.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe MOD - [2012.05.05 09:05:03 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012.03.26 11:25:32 | 000,345,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2012.03.26 11:25:32 | 000,282,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2012.03.26 11:25:26 | 008,197,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll MOD - [2012.03.26 11:25:26 | 002,302,008 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2012.03.26 11:25:24 | 000,027,704 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2012.03.26 11:25:22 | 000,202,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2011.09.29 13:44:36 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll MOD - [2011.09.29 13:44:34 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.23 11:32:49 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.05.21 21:25:04 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint) SRV - [2012.05.21 21:24:56 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012.05.08 19:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:41:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.05 09:05:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.09.16 16:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.21 21:24:56 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2012.05.08 19:41:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:41:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.10.28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.16 16:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2011.09.16 16:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 19:46:37 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.30 02:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009.08.30 02:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2006.11.30 00:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW) DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.09.16 16:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {582EDF3E-3786-4C7E-AFCC-243C1B9A3772} IE:64bit: - HKLM\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/layoutsexpress/{81652462-A0D1-4EFB-A5E6-AE5274CECBEF} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Layouts Express Toolbar\tbhelper.dll () IE - HKCU\..\SearchScopes,DefaultScope = {582EDF3E-3786-4C7E-AFCC-243C1B9A3772} IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22384a1b00000000000078e400531815&tlver=1.4.19.19&affID=17160 IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} IE - HKCU\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/layoutsexpress/{81652462-A0D1-4EFB-A5E6-AE5274CECBEF}?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.20007 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: quickprint@hp.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22384a1b00000000000078e400531815&tlver=1.4.19.19&instlRef=sst&affID=17160&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.05.12 13:58:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 20:33:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 00:44:54 | 000,000,000 | ---D | M] [2011.03.03 23:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Extensions [2012.04.29 23:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions [2011.10.04 22:37:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.10.04 22:37:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.01 18:02:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.06.13 00:32:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\ffxtlbr@babylon.com [2012.06.13 00:32:35 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\plugin@yontoo.com [2012.04.29 23:55:12 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\toolbar@ask.com [2011.09.27 13:49:34 | 000,000,931 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bo9wj6i6.default\searchplugins\conduit.xml [2012.06.13 00:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.04.20 03:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.28 01:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.04 12:03:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.10.23 17:03:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.06.13 00:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.01.26 15:27:28 | 000,000,000 | ---D | M] (SmartPrintButton) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SMARTPRINT\QPEXTENSION File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.02.19 04:41:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.12 20:58:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.02.19 04:41:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.19 04:41:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.02.19 04:41:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.02.19 04:41:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.11.16 14:26:28 | 000,435,266 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14978 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Live TV Toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Layouts Express Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Live TV Toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Layouts Express Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Live TV Toolbar) - {B69A9DB4-D0A1-4722-B56B-F20757A29CDF} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1297545160\ee\AOLSoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE (AOL, LLC.) O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S7D4A.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B0E8-7851-447E-8ECA-472E55D7F67F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1dab9ad9-89f1-11e0-9690-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{1dab9ad9-89f1-11e0-9690-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4ed06c67-39d6-11e0-b972-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{4ed06c67-39d6-11e0-b972-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4ed06c6d-39d6-11e0-b972-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{4ed06c6d-39d6-11e0-b972-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{889d8bd8-864e-11e0-9ae7-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{889d8bd8-864e-11e0-9ae7-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 10:22:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe [2012.06.14 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Desktop\Neuer Ordner [2012.06.14 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Desktop\Marley shadow [2012.06.13 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\www.shadowexplorer.com [2012.06.13 15:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.13 15:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer [2012.06.13 15:10:55 | 000,937,024 | ---- | C] (ShadowExplorer.com ) -- C:\Users\Hans-Peter\Desktop\ShadowExplorer-0.8-setup.exe [2012.06.13 14:53:42 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.06.13 14:53:35 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.06.13 14:53:29 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.06.13 14:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.06.13 14:52:59 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUp Software [2012.06.13 14:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.06.13 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.06.13 14:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.06.13 14:52:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.06.13 00:56:50 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Malwarebytes [2012.06.13 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.13 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.13 00:56:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.13 00:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 00:54:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hans-Peter\Desktop\mbam-setup.exe [2012.06.12 23:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.06.12 20:58:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\BabylonToolbar [2012.06.12 20:58:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam [2012.06.12 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012.06.12 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Local\Wajam [2012.06.12 20:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam [2012.06.12 20:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.06.12 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor [2012.06.12 20:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor [2012.06.12 20:58:31 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Babylon [2012.06.12 20:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.06.10 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Documents\07.06.2012 [2012.05.20 12:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.20 12:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.20 12:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.14 12:01:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2012.06.14 12:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 11:55:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.14 11:55:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 10:22:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe [2012.06.14 10:20:56 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Peter\defogger_reenable [2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe [2012.06.13 18:08:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:08:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 18:01:11 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.06.13 18:00:41 | 000,001,962 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2012.06.13 17:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 17:58:56 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 17:53:19 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012.06.13 15:12:35 | 000,001,889 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\ShadowExplorer.lnk [2012.06.13 15:10:55 | 000,937,024 | ---- | M] (ShadowExplorer.com ) -- C:\Users\Hans-Peter\Desktop\ShadowExplorer-0.8-setup.exe [2012.06.13 14:53:12 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.06.13 14:53:12 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.06.13 12:03:38 | 000,019,458 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\DecryptHelper-0.5.jar [2012.06.13 11:55:37 | 000,231,887 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Trojan.Ransom.HM-Decrypt_v1.zip [2012.06.13 11:31:42 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.06.13 11:31:42 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.06.13 06:47:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHans-Peter.job [2012.06.13 00:56:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 00:55:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hans-Peter\Desktop\mbam-setup.exe [2012.06.11 21:39:07 | 000,046,825 | ---- | M] () -- C:\Users\Hans-Peter\Documents\Tabelle.zip [2012.06.03 23:01:15 | 000,002,983 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\BMW_M_Logo_WP01.jpg [2012.06.01 10:21:09 | 000,007,627 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Local\Resmon.ResmonCfg [2012.06.01 09:24:33 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.01 09:24:33 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.01 09:24:33 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.01 09:24:33 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.01 09:24:33 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.29 13:09:54 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.05.29 13:09:50 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.05.23 09:04:09 | 000,010,468 | ---- | M] () -- C:\Users\Hans-Peter\Documents\Widerrufsbelehrung.pdf [2012.05.22 05:47:44 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHANS-PETER-PC$.job [2012.05.21 21:24:56 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2012.05.21 21:24:56 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2012.05.21 21:24:56 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll [2012.05.16 23:06:04 | 000,348,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.14 10:20:56 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Peter\defogger_reenable [2012.06.14 10:19:38 | 000,050,477 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe [2012.06.13 18:01:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.06.13 17:53:19 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012.06.13 15:12:35 | 000,001,889 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\ShadowExplorer.lnk [2012.06.13 14:53:12 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.06.13 14:53:12 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.06.13 14:53:11 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.06.13 12:03:38 | 000,019,458 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\DecryptHelper-0.5.jar [2012.06.13 11:55:37 | 000,231,887 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\Trojan.Ransom.HM-Decrypt_v1.zip [2012.06.13 00:56:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.11 21:39:06 | 000,046,825 | ---- | C] () -- C:\Users\Hans-Peter\Documents\Tabelle.zip [2012.06.03 23:01:15 | 000,002,983 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\BMW_M_Logo_WP01.jpg [2012.06.02 13:42:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHans-Peter.job [2012.05.23 09:04:08 | 000,010,468 | ---- | C] () -- C:\Users\Hans-Peter\Documents\Widerrufsbelehrung.pdf [2012.02.28 20:35:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.26 12:00:03 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI [2012.01.01 19:37:31 | 001,302,861 | ---- | C] () -- C:\ProgramData\IMG_0592.mov [2011.09.18 19:53:55 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.09.18 19:53:55 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.05.14 19:51:41 | 000,001,854 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Roaming\GhostObjGAFix.xml [2011.03.08 00:29:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.02.25 23:23:31 | 000,007,627 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Local\Resmon.ResmonCfg [2011.02.17 21:10:48 | 000,000,004 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Roaming\wklnhst.dat [2011.02.12 23:11:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.12 18:43:22 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.02.12 18:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.12 18:34:17 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2011.02.12 18:34:17 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini ========== LOP Check ========== [2011.12.25 15:53:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Azureus [2012.06.12 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Babylon [2012.06.13 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\BabylonToolbar [2011.10.01 12:07:56 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoft [2011.04.24 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.24 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\elsterformular [2012.06.13 00:33:52 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\FreeArc [2011.02.13 16:03:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\GetRightToGo [2011.12.21 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\gtk-2.0 [2011.11.19 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Hobbyist Software [2011.12.12 11:47:36 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\ManyCam [2012.02.19 00:07:51 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Need for Speed World [2012.05.12 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Nokia [2011.02.12 19:47:40 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Opera [2012.05.12 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\PC Suite [2011.11.16 20:48:16 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\redsn0w [2012.03.07 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Systweak [2011.08.29 21:26:09 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Template [2012.06.13 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUp Software [2012.03.30 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUpMedia [2011.02.23 02:00:02 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Verbindungsassistent [2011.04.13 00:56:59 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Windows Live Writer [2012.06.13 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\www.shadowexplorer.com [2012.06.13 18:01:11 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.11.02 23:10:30 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 14.06.2012 10:24:15 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Hans-Peter\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,07% Memory free 7,73 Gb Paging File | 5,31 Gb Available in Paging File | 68,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,58 Gb Total Space | 339,84 Gb Free Space | 75,09% Space Free | Partition Type: NTFS Drive D: | 12,88 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 94,93 Mb Free Space | 95,87% Space Free | Partition Type: FAT32 Drive F: | 2,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HANS-PETER-PC | User Name: Hans-Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A4726C-946B-4A35-A85C-50E49003233D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0D4F05BF-4A32-4359-B694-4BCC37ED4D29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{150AB002-607D-42B8-9605-AFB7D34A3526}" = rport=138 | protocol=17 | dir=out | app=system | "{1916AA29-619A-4F62-9673-571653E4B68B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27B6C035-8D1A-4D1F-89C5-CA6B7F7090F5}" = rport=445 | protocol=6 | dir=out | app=system | "{2F447FA2-7C31-4C10-A635-218D57C3CD88}" = rport=137 | protocol=17 | dir=out | app=system | "{41B3A0C4-3DED-4BB0-86DC-23E31317D2AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4AF0ED2A-DB94-437C-A829-BFDFF33E00A2}" = lport=138 | protocol=17 | dir=in | app=system | "{4F465E82-5B7C-4976-B868-856387DA8655}" = lport=445 | protocol=6 | dir=in | app=system | "{5A50F88E-B222-4120-94C4-FA8658171A76}" = rport=139 | protocol=6 | dir=out | app=system | "{5C20B042-457D-4453-B153-22D28F3AF023}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6FA5A89B-C8CC-4C2B-8155-6544615FDCC1}" = lport=139 | protocol=6 | dir=in | app=system | "{7080A826-B2FF-441B-B207-52918C1AD08B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7E92E04B-2904-4344-AA77-E86B21CFA10F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{89E7325A-B3B4-4C0C-8103-6898DC4DDB13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93AC6364-FA03-46CC-8D60-218460E149B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A10E1AE3-F468-464D-B3CB-199C319536FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A84B6FC2-15F0-418D-9C43-6AC8C73A3A4A}" = lport=2869 | protocol=6 | dir=in | app=system | "{BBD6BA45-8CE8-4C49-B4E7-485C9585158C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C75CA48F-B61C-4BD8-BD68-BC6EBF8613E4}" = lport=10243 | protocol=6 | dir=in | app=system | "{DCE999DE-7076-44C6-BDA4-5316EEF6952B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E4CBEEFA-E8D7-4B63-81F6-B6BE1A0057E1}" = rport=10243 | protocol=6 | dir=out | app=system | "{ED160436-4E92-48C4-8A17-85F11F63F83B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F3316B69-5E09-40C4-833A-FDB6729B91F0}" = lport=2869 | protocol=6 | dir=in | app=system | "{F73DB563-7353-45F8-977D-AEF75A112EB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F882033B-2F0C-472A-8F60-34E5FCE61398}" = lport=137 | protocol=17 | dir=in | app=system | "{FC43EC05-8396-4E65-8F07-255B988D8603}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FF0DF3-F9B6-450B-8500-2A776F7F9862}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{10156FEA-E353-45B5-BA71-80E4BCC9BF4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{139411B2-42A7-4286-BE09-8FE71F47E65A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15A0E65A-CFFA-4A08-8F72-57EE7949129C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{179449A0-239E-4EE1-A3A7-2BF976B26171}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{2A356317-EB72-49EE-AC85-04927D638BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{2D70C6A2-83B8-490B-BCAC-E81F30E8DF64}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2E229E83-E053-401F-AA8B-37E21B6110F3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1297545160\ee\aolsoftware.exe | "{33EE9A21-0AD3-4552-A4B5-5B2ABF04EA73}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe | "{375F1205-18D4-483A-9951-28B32FFC64E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3B76F13D-73A8-402F-9BDB-3D363FE045E1}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe | "{3D1733C6-CCC5-4601-8873-21D23E90B9F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3EE85647-FC12-4E99-B177-2B12812BE53D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{3FB9E1DB-AE07-4D59-B518-A76DE2C0920D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4C19C657-0476-4F99-80B5-4A973BC57C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{563550BA-3E8C-4D1F-8637-C00719D65DA7}" = protocol=6 | dir=out | app=system | "{5F5B15D6-593D-465E-B918-7B46B8995B30}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{64972AA2-0CB0-47A2-952D-ECAED6ECEC8F}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe | "{65A219A7-B1CB-43F4-9252-07A62A15CEB5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{661A4409-E2BA-484C-8958-D80A700175F3}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{72C3088F-5394-460E-89AF-C966755B6010}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{78234CFD-F6F8-4AAA-9BA4-9B7752590365}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BC6CC3A-B0FD-4CA3-8AB7-E8171E6F2679}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{8132DC6E-81EC-4848-BD26-7A4A999980C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{818E331B-ED67-4D69-AE57-835611012009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{84FA3368-4957-432A-8BA4-DBFA87F4D646}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{86719BC2-50F4-4F15-B59D-60F0E0A0340D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{968FE89E-0BF5-4B53-BBCC-DE8C88980AF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{97512723-4D2F-4B57-B971-727B06820FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{A040E550-355F-4FE4-AF7A-9150A5694092}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1297545160\ee\aolsoftware.exe | "{A375F652-940A-4A57-A46F-3261AC91B196}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{A664C89D-0542-4A67-9C57-6B3D92CAECD6}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.0 vr\waol.exe | "{ABC52FA6-16F5-4BD4-A082-1B93E2F4FB34}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ABF995A6-81D3-410D-BB0A-27FA3F2FD943}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B04504E4-276D-4101-BE6D-7D6747A222D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B18B0AA9-1528-4B7A-A699-6932EBD820F2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{B1D65436-49B8-4882-94EB-E47B12D7BFAF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{B270C5A1-8CEC-4BE3-8A86-10F33732F45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{BC6BBD13-B1C4-4593-B89F-381EEA8AA065}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C0D9C258-EB9A-4B4D-88F9-4B1E6584245E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.0 vr\waol.exe | "{C27F0A15-0062-47DD-B6E0-E7C9F3E34C8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C56484B1-37BC-471F-8B2F-4EAA17AC02D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C67A34EB-375A-4D5F-A75E-D1959D192E0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C70389F4-BB35-4BF2-9729-CCCB8DF4A13A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D53AF265-C7BD-44C6-BAB5-9CA8385126BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DAC4EAFA-A065-47D0-A126-DD5034AA6CD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC7BAFD3-57F8-48FD-87E2-337C69B8CF47}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{DD7717B5-CB61-40A9-B908-5736820A5F81}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{E0686CE0-CA91-4452-9D7C-26F7034276B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E094168C-B6B4-4BD3-AB1A-0538160D2846}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{E7CFBCBC-702F-431F-93A6-083D95FF1D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{EB1259DA-FA74-40C4-A0AC-3C45172D1F32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F2E46166-3E44-4C9D-AD23-2D663E8C4B4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3D753E1-4700-41FC-9626-2C2405F44122}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F50D615B-5470-4AA7-8ED0-17B0A11B6C8D}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{F6BFE979-3890-4D70-B8D1-DD13A8D403A0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{03EAE3D0-A6E9-4B85-84D2-BABBD7634471}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{3D9FFBEE-F222-4F6F-AEF5-1E91D930AA87}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{60683587-D6FA-45DA-944D-21C1E9900777}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe | "TCP Query User{9FD39F81-5401-4AB0-8345-7C4B78A8B371}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{E05BFF43-8280-484F-87E8-BAAC7DC6847A}C:\alle seck\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\alle seck\tinyumbrella-5.00.09.exe | "UDP Query User{157A63B3-0063-4226-96C0-79F037BEA3B1}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe | "UDP Query User{5F97FBB8-2EAB-4B80-98F9-2AC95AAF1E2B}C:\alle seck\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\alle seck\tinyumbrella-5.00.09.exe | "UDP Query User{98B596DD-6A10-488C-96FC-FB945B9815CD}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{C8577B3A-0FD6-4257-BC86-120B5DC9850E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{E6DB7862-8DAC-4031-B28C-BBB20315B017}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{93B49FE1-0C81-479B-986A-D50DDA80E2C6}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B0BF4E84-0EE3-4E47-B90E-27B40348E022}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "EPSON Stylus SX400 Series" = Druckerdeinstallation für EPSON Stylus SX400 Series "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech "{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard "{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional "{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek "{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1" = RAW Image Viewer "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light "{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish "{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides "{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn "{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common "{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch "{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware "{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "AOL Deinstallation" = AOL Deinstallation "AOL Toolbar 4.0" = "Auction Designer_is1" = Auction Designer 1.0.10 "Avira AntiVir Desktop" = Avira Free Antivirus "Carom3D" = Carom3D "CDex" = CDex - Open Source Digital Audio CD Extractor "conduitEngine" = Conduit Engine "EasyBits Magic Desktop" = Magic Desktop "ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender "eMule" = eMule "EPSON Scanner" = EPSON Scan "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 5.0.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "FreeArc" = FreeArc 0.666 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Live TV Toolbar" = Live TV Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "ManyCam" = ManyCam 2.6.60 (remove only) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14) "mp3-2-wav" = mp3-2-wav converter 1.14 "NIS" = Norton Internet Security "Nokia PC Suite" = Nokia PC Suite "Opera 11.50.1074" = Opera 11.50 "Opera 11.64.1403" = Opera 11.64 "PhotoStage" = PhotoStage Slideshow Producer "Pixillion" = Pixillion Image Converter "Prism" = Prism Videodatei-Konverter "ShadowExplorer_is1" = ShadowExplorer 0.8 "Tansee iPhone Copy_is1" = Tansee iPhone Copy 5.0.0.0 "Tansee iPhone Transfer Contact_is1" = Tansee iPhone Transfer Contact "Tansee iPhone Transfer SMS_is1" = Tansee iPhone Transfer SMS "Tansee iPhone Transfer_is1" = Tansee iPhone Transfer v5.0 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "TuneUpMedia" = TuneUp Companion 2.2.5 "Uninstall_is1" = Uninstall 1.0.0.1 "Verbindungsassistent" = Verbindungsassistent "ViewpointMediaPlayer" = Viewpoint Media Player "VLC Streamer_is1" = VLC Streamer 1.50 "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinZip Self-Extractor" = WinZip Self-Extractor ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.05.2012 06:51:21 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8081 Error - 29.05.2012 06:51:21 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8081 Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9095 Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9095 Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10171 Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10171 Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11263 Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11263 [ Hewlett-Packard Events ] Error - 28.04.2012 08:18:41 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect() Error - 05.05.2012 04:57:09 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 05.05.2012 05:16:36 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect() Error - 12.05.2012 13:52:09 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect() Error - 19.05.2012 09:04:34 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 26.05.2012 17:56:53 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 02.06.2012 07:32:40 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 02.06.2012 07:41:48 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 09.06.2012 09:45:07 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect() Error - 12.06.2012 01:04:23 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3957 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() [ System Events ] Error - 12.06.2012 18:36:05 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 12.06.2012 18:37:42 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 12.06.2012 18:37:42 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2012 18:37:51 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.06.2012 00:47:06 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524292 Description = Error loading virus definitions. Error - 13.06.2012 00:47:06 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 13.06.2012 00:47:52 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error - 13.06.2012 11:53:47 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524292 Description = Error loading virus definitions. Error - 13.06.2012 11:53:47 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524293 Description = Error loading Symantec real time Anti-Virus driver. Error - 13.06.2012 12:00:56 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP < End of report > Ich hoffe, ich habe das als absoluter Laie richtig gemacht Liebe Grüße Hans-Peter |
15.06.2012, 20:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt Du hast Malwarebytes installiert aber kein einziges Log davon gepostet!
__________________Allgemeine Hinweise bzgl. des Verschlüsselungstrojaners: Zur Entschlüsselung/Wiederherstellung bitte die fette Hinweisbox oben beachten! Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon Eine Notlösung für Vista und Win7-User => http://www.trojaner-board.de/115496-...erstellen.html Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht! Man darf sich aber keine falschen Hoffnungen machen. Mittlerweile sieht es finster aus => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html
__________________ |
Themen zu Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt |
ad-aware, antivir, autorun, avira, bho, bonjour, conduit, converter, error, fast start, firefox, flash player, format, google earth, home, install.exe, logfile, microsoft office word, mp3, netzwerk, plug-in, realtek, registry, rundll, safer networking, scan, searchscopes, security, security scan, software, svchost.exe, symantec, tarma, udp, usb 2.0, version=1.0, windows, yontoo |