| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pc mit Windows Update Trojaner infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.06.2012, 10:56
| #1 |
| |  Pc mit Windows Update Trojaner infiziert Hallo, Ich habe durch das unvorsichteige Öffnen eines e-mail Anhangs mein PC mit dem Windos Update Trojaner infiziert. Ich konnte mein PC von einer ander Festplatte mit einem sauberem System starte aber ich würde ungerne alle Programme neu installieren. Das infizierte System befindet sich auf dem D Laufwerk. Ich habbe die empfolehne Schritte getan und lege den Inhalt der Textdokumente bei. Sollte es eine andere Lösung als die komplette Neuinstalation geben, wäre ich sehr dankbar darüber. Textinhalte: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.15.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stefan Golea :: MUSICPC [Administrator] Schutz: Aktiviert 15.06.2012 12:32:32 mbam-log-2012-06-16 (11-36-00).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 929061 Laufzeit: 4 Stunde(n), 24 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Music Converter (Adware.Agent) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.InstallCore) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Stefan Golea\AppData\Roaming\CCenter (Rogue.ControlCenter) -> Keine Aktion durchgeführt. Infizierte Dateien: 13 C:\Program Files\Vienna Ensemble Pro\Directory Manager.exe (Packer.ModifiedUPX) -> Keine Aktion durchgeführt. C:\Program Files (x86)\FoxTabMusicConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Keine Aktion durchgeführt. C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\MusicConverterSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\PDFCreatorSetup.exe (Adware.InstallCore) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_virtualdub.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_winvistaside-updateinstaller-fur-windows-7.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\Downloads\VideoConverterSetup.exe (Adware.InstallCore) -> Keine Aktion durchgeführt. D:\Program Files\Vienna Ensemble Pro\Directory Manager.exe (Packer.ModifiedUPX) -> Keine Aktion durchgeführt. C:\Users\Stefan Golea\AppData\Roaming\CCenter\settings.ini (Rogue.ControlCenter) -> Keine Aktion durchgeführt. (Ende) OTL logfile created on: 16.06.2012 01:27:09 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Stefan Golea\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 56,47% Memory free 16,00 Gb Paging File | 12,11 Gb Available in Paging File | 75,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,63 Gb Total Space | 256,53 Gb Free Space | 36,72% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 276,33 Gb Free Space | 59,33% Space Free | Partition Type: NTFS Drive F: | 19,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 931,28 Gb Total Space | 504,06 Gb Free Space | 54,13% Space Free | Partition Type: FAT32 Drive I: | 465,64 Gb Total Space | 230,45 Gb Free Space | 49,49% Space Free | Partition Type: FAT32 Computer Name: MUSICPC | User Name: Stefan Golea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.06.15 14:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.27 15:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Titanium\UIFramework\uiWinMgr.exe PRC - [2012.02.27 08:33:27 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan Golea\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.02.03 14:43:38 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe PRC - [2012.02.02 03:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Stefan Golea\AppData\Local\Akamai\netsession_win.exe PRC - [2012.01.12 06:44:56 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.06.22 21:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\Stefan Golea\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe PRC - [2011.06.22 21:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\Stefan Golea\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.01.20 13:04:14 | 000,370,688 | -H-- | M] (SanDisk Corporation) -- C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2010.10.26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2010.10.26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2010.03.09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.07.12 11:11:34 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ========== Modules (No Company Name) ========== MOD - [2012.02.27 15:44:20 | 000,057,344 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll MOD - [2012.02.27 15:44:20 | 000,049,152 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll MOD - [2012.02.17 11:18:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.10.14 10:31:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll MOD - [2011.10.14 10:29:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 10:29:38 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll MOD - [2011.10.14 09:53:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll MOD - [2011.10.14 09:53:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.14 00:47:16 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll MOD - [2011.10.14 00:47:04 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll MOD - [2011.10.14 00:46:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll MOD - [2011.10.14 00:46:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll MOD - [2011.10.14 00:46:55 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll MOD - [2011.10.14 00:46:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll MOD - [2011.10.14 00:46:52 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll MOD - [2011.10.14 00:46:47 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll MOD - [2011.06.09 09:51:09 | 000,055,816 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll MOD - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.03.30 00:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.05 03:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2010.02.23 22:53:22 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll MOD - [2007.07.12 11:11:34 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll MOD - [2007.07.12 11:11:34 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe MOD - [2007.07.12 11:11:32 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll MOD - [2007.07.12 11:11:32 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll MOD - [2007.07.12 11:11:16 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll MOD - [2007.07.12 11:11:10 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License) SRV - [2012.06.14 08:28:09 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.11 17:13:49 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr) DRV:64bit: - [2011.12.01 11:06:03 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2011.12.01 11:06:03 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2011.12.01 11:06:03 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2011.12.01 11:06:03 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC) DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.06.28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2011.04.13 16:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.03.05 15:22:32 | 000,051,200 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusbaudio.sys -- (FFUsbAudio) DRV:64bit: - [2010.01.25 10:00:18 | 000,214,368 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Saffire.sys -- (Saffire) DRV:64bit: - [2010.01.25 10:00:18 | 000,043,616 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireMidi.sys -- (SaffireMidi) DRV:64bit: - [2010.01.25 10:00:18 | 000,038,880 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireAudio.sys -- (SaffireAudio) DRV:64bit: - [2010.01.16 11:31:49 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.05 22:46:22 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.12.09 10:45:30 | 000,044,560 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1avs_x64.sys -- (ak1avs_x64) DRV:64bit: - [2008.12.09 10:45:27 | 000,233,488 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1usb_x64.sys -- (ak1usb_x64) DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV:64bit: - [2007.08.21 09:34:58 | 000,021,280 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK) DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=bafebd2a0000000000000021851242a9 IE - HKCU\..\SearchScopes\{5F437C28-9CD1-4424-921D-293F1842F95E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{644AC527-9224-40F7-B0CD-01F06752B211}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=610C0FE2-11FC-4A21-842E-9B5FACD4D08F&apn_sauid=DCA17F15-1824-4421-8FFE-A0E22F7A28D2& IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE421 IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4b4ba715&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541580864951385 IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Stefan Golea\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Stefan Golea\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Shiretoko 3.5.6\extensions\\Components: C:\PROGRAM FILES (X86)\SHIRETOKO\COMPONENTS 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Shiretoko 3.5.6\extensions\\Plugins: C:\PROGRAM FILES (X86)\SHIRETOKO\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012.06.14 07:54:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.06.14 07:54:13 | 000,000,000 | ---D | M] [2010.02.23 23:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Extensions [2010.02.12 13:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.11.30 17:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions [2010.06.24 12:26:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.30 18:11:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.15 13:31:15 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2011.05.19 19:03:46 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\engine@plasmoo.com [2011.11.30 17:24:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\ffxtlbr@babylon.com [2011.08.03 09:37:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\plugin@yontoo.com [2011.06.10 10:29:42 | 000,002,398 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\askcom.xml [2010.03.04 11:38:32 | 000,000,873 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\conduit.xml [2011.09.27 13:36:26 | 000,002,207 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\MyStart Search.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\plasmoo.xml [2011.11.28 14:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.04.19 11:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.13 10:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.24 10:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.21 15:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.07 13:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.25 10:35:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.24 12:07:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.0.1086\7.0.1086\FIREFOXEXTENSION File not found (No name found) -- C:\USERS\STEFAN GOLEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07HDIWTR.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.02 21:27:42 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Stefan Golea\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Stefan Golea\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Windows\DOWNLO~1\NpFv522.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: ProxyTube = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmbofoofebojccpdnfhnegmiifdgpfg\1.3.0_0\ CHR - Extension: Google-Suche = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll File not found O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Stefan Golea\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Stefan Golea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan Golea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED233939-003B-4367-A27F-293C429D384E}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - H:\autorun.inf -- [ FAT32 ] O32 - Unable to obtain root file information for disk I:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 14:06:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe [2012.06.15 12:31:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan Golea\AppData\Roaming\Malwarebytes [2012.06.15 12:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.15 12:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.15 12:31:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.15 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Stefan Golea\*.tmp files -> C:\Users\Stefan Golea\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.16 01:24:07 | 000,000,020 | ---- | M] () -- C:\Users\Stefan Golea\defogger_reenable [2012.06.16 00:40:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 17:37:51 | 001,538,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.15 17:37:51 | 000,669,180 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.15 17:37:51 | 000,630,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.15 17:37:51 | 000,134,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.15 17:37:51 | 000,111,116 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.15 14:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe [2012.06.15 13:54:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan Golea\Desktop\Defogger.exe [2012.06.15 12:31:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.15 11:12:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 11:12:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 11:04:21 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.15 11:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 11:03:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 12:42:41 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.14 08:36:10 | 000,885,995 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\census.cache [2012.06.14 08:36:10 | 000,152,135 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\ars.cache [2012.06.14 08:36:10 | 000,000,036 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\housecall.guid.cache [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Stefan Golea\*.tmp files -> C:\Users\Stefan Golea\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.16 01:24:06 | 000,000,020 | ---- | C] () -- C:\Users\Stefan Golea\defogger_reenable [2012.06.15 13:54:51 | 000,050,477 | ---- | C] () -- C:\Users\Stefan Golea\Desktop\Defogger.exe [2012.06.15 12:31:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 08:34:53 | 000,885,995 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\census.cache [2012.06.14 08:34:43 | 000,152,135 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\ars.cache [2012.06.14 08:19:14 | 000,000,036 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\housecall.guid.cache [2011.11.25 12:33:43 | 000,994,304 | ---- | C] () -- C:\Windows\SysWow64\veproshared32.dll [2011.11.18 15:06:17 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.11.18 15:06:17 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.11.18 15:04:39 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.11.18 15:04:38 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.11.18 15:04:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.11.18 15:04:22 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.10.31 17:01:16 | 000,001,547 | ---- | C] () -- C:\Windows\SysWow64\privatedata.dll [2011.10.07 09:47:38 | 000,000,021 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\mc.pixel.data [2011.09.27 13:36:24 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.09.15 09:35:45 | 000,000,624 | -H-- | C] () -- C:\Program Files (x86)\Common Files\_Z3 [2011.09.15 09:35:05 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2 [2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.22 09:51:39 | 000,006,656 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.20 14:47:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.06.20 14:47:12 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.06.22 11:50:23 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys ========== Files - Unicode (All) ========== [2010.06.18 00:26:37 | 000,010,970 | ---- | M] ()(C:\Users\Stefan Golea\Documents\????? ?? ???????.docx) -- C:\Users\Stefan Golea\Documents\Книги не говорят.docx [2010.06.18 00:26:37 | 000,010,970 | ---- | C] ()(C:\Users\Stefan Golea\Documents\????? ?? ???????.docx) -- C:\Users\Stefan Golea\Documents\Книги не говорят.docx ========== Alternate Data Streams ========== @Alternate Data Stream - 1263 bytes -> C:\ProgramData\Microsoft:O75E0hVVOERYXwa17Xx295Rmv @Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:NAZos8Pm1CjfYscjs < End of report > OTL Extras logfile created on: 16.06.2012 01:27:09 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Stefan Golea\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 56,47% Memory free 16,00 Gb Paging File | 12,11 Gb Available in Paging File | 75,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698,63 Gb Total Space | 256,53 Gb Free Space | 36,72% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 276,33 Gb Free Space | 59,33% Space Free | Partition Type: NTFS Drive F: | 19,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 931,28 Gb Total Space | 504,06 Gb Free Space | 54,13% Space Free | Partition Type: FAT32 Drive I: | 465,64 Gb Total Space | 230,45 Gb Free Space | 49,49% Space Free | Partition Type: FAT32 Computer Name: MUSICPC | User Name: Stefan Golea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FDE6ABC-94C9-4438-BF57-1669351DC53F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3B1AEB64-E55A-4E31-A557-9D7A112CFA81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D911975-D61E-457B-8A0E-D77281C821B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{4344A4A7-2EBE-45AE-8507-64D7EB83E0F0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{6A3D0668-3699-4B86-81E4-F90EC7CDC75D}" = lport=2869 | protocol=6 | dir=in | app=system | "{83693EFE-B897-4EA2-9752-7C2FAADC36D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9DBAE2F7-9424-4CF5-8D93-AD73BF2ABDCF}" = rport=10243 | protocol=6 | dir=out | app=system | "{A26CF444-2680-4A4F-B866-AEA5953570BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C08CAF3F-03CB-414D-A4D3-FECC9C820DC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CEADA4F6-0137-4636-9E88-70146A7C0925}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{DDB16C05-264D-4EF5-8BC1-2D7C94808AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F6840118-50B1-46BC-B7D5-171BD5237E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F7C7B440-282A-4561-AC48-746F4B5106CF}" = lport=10243 | protocol=6 | dir=in | app=system | "{FE4FD6FC-28CB-4323-BDCA-9CDD06F94FCB}" = lport=50846 | protocol=6 | dir=in | name=akamai netsession interface | "{FE86BC60-4D43-4502-B642-0B08BDE8B016}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0905CE9D-31A8-43B0-AF6D-41502B1275B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0DA4EBB2-A224-4217-8256-994641117D83}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{12D50141-4155-4180-A09D-841E4B7A4A5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1ACAC894-1909-473E-8A93-C9FD0B6A0985}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{237613DA-6FCE-4FAB-B5AD-45061AE48E93}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{244EE25B-A65A-4AC7-A29B-D29F39A9E345}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3196E703-41C5-4E14-AF26-31857125828F}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe | "{3562EFBF-63D4-4026-960E-BBB6DD52A770}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3EFA7307-1F14-4403-B0B2-2A5FFDF5DCC1}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe | "{41854755-0DC2-4AEE-9D89-61CE4381892F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{45625E5E-4B44-4CF1-AD2F-8EDA8180E2E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{54596796-F288-4161-81FC-011437970200}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5498A947-DD0D-4499-BC04-C26220F1544F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54D90A3B-63AD-4D9E-A49A-91C80FD19698}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{589026DB-59A3-40C7-BF9E-ECD9CEDC1178}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe | "{638FEE37-21BD-4EAC-8564-44DFE65DED58}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6DC3EF49-2CFE-47C1-B741-C1E0A57BB6B1}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe | "{800C25E6-3B8C-4868-B645-39F12B6A1591}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{8157990E-1382-43AE-99F6-930F49D1AB75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{81C5B2B4-123C-457C-8FA7-827AC9230B63}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{89D4DDED-B055-4F3E-A5F5-E92BABCA1EB2}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8F1BE9EF-96A6-43D5-80FC-B1F7152FD0ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9165B066-6161-4CAC-925B-123F99B120AB}" = protocol=6 | dir=out | app=system | "{961E51DE-8F94-4E2E-9068-F8B0DD39F6FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A7037832-5E58-40CB-BBCC-48F9D887034A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A8CE2BDF-C30D-4AE3-8C8A-D4AE90F22773}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A92BE722-DD98-4B38-9557-D0C128DF3C7B}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe | "{ABB9D70C-9E71-40D6-8AC7-681AE4C7876B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA8C7F57-5BF9-4226-8EB7-CBF47991165A}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe | "{C3106D9A-5798-42E1-B269-310B68120E09}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{C5FB4A9D-C6C0-4854-8B4D-9AA1F0C9BEF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C83C7CB7-1A63-4ACD-A30C-6AFDA9C108FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D32A1AF2-16DC-491D-8AD7-ABE99ED31093}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{D50DE2A8-3BBE-478A-8C9F-893D1AAF802D}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe | "{DAB5A1F1-8D28-4F32-A96F-9E9214256547}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe | "{E3CFAF00-C88C-4DCD-AF34-7DBBBC43BA32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE855EED-2C42-4D7F-9C8B-E1B4518FF797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F22B993F-AB89-4517-9AFE-C2BE8259229C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F75474D3-3A7E-4A0D-BC3D-78F6A7EF4566}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FD41051B-3EE2-4416-B345-F0088A770772}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE9806E1-8BA1-4A44-854C-6D1DE93A5D3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{68FAF071-9895-41BE-BBE3-F9AB39E54886}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{7C13ADAE-B02E-48FF-A44B-63B62327C28A}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | "TCP Query User{84A1E367-9AD5-43C2-94E3-B18CA4FD8AC8}C:\program files\vienna ensemble pro\vienna ensemble pro x64.exe" = protocol=6 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro x64.exe | "TCP Query User{8E8061E3-935D-43EA-B7D0-4B1FF9826058}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{92E6F394-AF75-4B4F-B6A7-BD26BB7C77D4}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | "TCP Query User{96DABA40-F91C-4B02-B099-136E22CAF76A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{9CB6D9AE-FBB0-4962-B855-E4C2E6272FA3}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe | "TCP Query User{B33472C4-D96C-4972-9E8F-A9599E696164}C:\program files\vienna ensemble pro\vienna ensemble pro.exe" = protocol=6 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro.exe | "TCP Query User{C25C9D0C-ABA9-4369-AB39-25CBB1935CB8}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe | "TCP Query User{DC9AC11F-6CE4-4AEA-B6B1-A0DC99FE9F3E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{DE2D784A-17F7-4CFC-B0B2-87A3B335CBFB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{E773CFCB-373D-4C47-8B58-077BDD5EE5B4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{EB6A2E3C-AFE6-479D-9853-846D47FB4EFE}C:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{1EFD4B87-8091-4DD9-AA07-11B0864EE58A}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe | "UDP Query User{25AE60E6-E7B2-413A-80C3-29632E2892B6}C:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{29E63DC1-27A3-446B-BDB5-D4877E614798}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{551A8799-9421-44CF-A499-8E5E9ADF1169}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | "UDP Query User{6AC4A7C0-7971-4B15-957A-FFB708441814}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{7F0F2121-8B0E-47D6-AAC5-8D671BB5B2F2}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{818717ED-4251-4F86-ADB5-629EEFE56D7C}C:\program files\vienna ensemble pro\vienna ensemble pro.exe" = protocol=17 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro.exe | "UDP Query User{824C3677-BA0D-4376-AE08-1C2365EA264F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{8D46A837-614D-42CF-939C-AE11912321D3}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | "UDP Query User{A58A1062-634F-4019-A5CE-971CE4A45D2A}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe | "UDP Query User{B7E6A259-0E71-4E31-8EC7-A4226EFA2AB8}C:\program files\vienna ensemble pro\vienna ensemble pro x64.exe" = protocol=17 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro x64.exe | "UDP Query User{C45EFB35-52A4-488C-BD95-DE31DF9C392D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{EF144E12-19B1-4E26-8F7C-8749A2177A18}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0D6CCD2B-DF70-4E77-B002-3208B1976D3C}" = Steinberg HALion 3 64bit "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{110C673D-E8C1-44C6-85D3-4BD29513FC88}" = Native Instruments Acoustic Refractions "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs "{199c6b63-fcb2-49f4-9859-ff78ddd0bb90}" = Native Instruments Scarbee Clavinet Pianet "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor "{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand "{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{45da1e94-82eb-4778-be0d-47c8d9e8451b}" = Native Instruments Scarbee Mark I "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{52931732-892F-4D54-A84A-3EDE25F9BCA2}" = Native Instruments Komplete 7 "{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism "{5cd7e481-59d1-4961-a964-019f162b1f27}" = Native Instruments Scarbee A-200 "{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums "{6347E7B5-806F-4302-906A-05C62CCEA502}" = Tpkd x64 "{65B7E38D-10F8-4B1A-8EE3-BF2362CF12AE}" = Native Instruments Kontakt 4 Factory Content "{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand "{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012 "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{B5DCC899-D29E-43E0-A445-F7BF0F571017}" = Steinberg HALion Sonic 64bit "{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C6651CD0-4892-4465-96AC-C9864A695FF9}" = Steinberg Cubase 6 64bit "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire "{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano "{dc8b9571-8363-44c2-85e0-ea13ab89d032}" = Native Instruments Vienna Concert Grand "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1 "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7B8AA38-EB63-4360-B09D-FDE7BAA52C3A}" = Steinberg HALion Symphonic Orchestra 64bit "{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Focusrite USB Audio Driver_is1" = Focusrite USB Audio Driver 1.8 "HP LaserJet M1522" = HP LaserJet M1522 MFP Series 1.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "NVIDIA Drivers" = NVIDIA Drivers "Saffire PRO 40_is1" = Saffire MixControl 2.0 "Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23 "Vienna Ensemble Pro_is1" = Vienna Ensemble Pro 5.0.9687 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1312306D-F0A5-4B64-BA34-AC6169A3A098}" = Steinberg HALion Symphonic Orchestra VST Sound Instrument Set "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1864B4F0-7777-4A57-9930-C2B307597966}" = MusicLab RealGuitar 2.0 "{1864B4F0-7777-5A57-9930-C2B307597966}" = MusicLab RealGuitar "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AA20A3E-B833-4309-9155-8A15D479D46F}" = Steinberg HALion Sonic Content "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2C74EC44-ECCE-4C3E-8DFC-236D7052F5AD}" = hppscanM1522 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N "{3C073C77-36A9-421B-8EA8-2F40D39DB131}" = Steinberg Sequel Content Set ChillOut "{3E487A7F-2F7E-4D96-9103-C77968CCBD45}" = hpzTLBXFX "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{591B2FA3-E8BC-4163-B1E8-0723DFB67E1D}" = SanDisk ® Media Manager "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5DEF53CC-4512-4BE3-BA49-89BEDE0B7917}" = hppLJM1522 "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}" = Sibelius 7 OpenType Fonts "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1" = Sonalksis Plug-in Manager 3.00 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0 "{82327AE2-4C5D-46F7-AAE2-2D4BEC7AA60D}" = hppManualsM1522 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AC253CE-E37F-48F2-AC01-CDA7C0ABB30D}" = hppTLBXFXM1522 "{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9606A332-1C71-466F-873C-C47CA3B53E7D}" = hppScanTo "{99E8E2CD-53AF-487D-86C0-E0DBD2AF4168}" = hppusgM1522 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.6 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{B31F8DD0-002C-4ED7-A6D4-E275C4A92E66}" = Steinberg Instrument Set Synthesizers "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{BB909FED-3963-4CCC-A538-92F5022C3818}" = hppFaxDrvM1522 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1" = Focusrite Plug-in Suite 1.0.2 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts "{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E6B586A0-6C65-4AD3-8347-233E7610EE23}_is1" = Sibelius Sounds Choral for Sibelius 6 "{ED9A9F6F-63CD-40F2-837B-5E1319E86692}" = Scan "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F533A90F-4E9E-4A17-A085-BD285B6AA57A}" = Sibelius Scorch (all browsers) "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Akamai" = Akamai NetSession Interface Service "BurnAware Free_is1" = BurnAware Free 4.5 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "eLicenser Control" = eLicenser Control "ElsterFormular 12.4.0.7094p" = ElsterFormular "ElsterFormular 12.4.0.7094u" = ElsterFormular "elysia niveau filter Native_is1" = elysia niveau filter Native 1.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free Studio_is1" = Free Studio version 5.2.1 "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion) "MuseScore" = MuseScore 1.1 MuseScore score typesetter "Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums "Native Instruments Absynth 5" = Native Instruments Absynth 5 "Native Instruments Acoustic Refractions" = Native Instruments Acoustic Refractions "Native Instruments Battery 3" = Native Instruments Battery 3 "Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Komplete 7" = Native Instruments Komplete 7 "Native Instruments Kontakt 4" = Native Instruments Kontakt 4 "Native Instruments Kontakt 4 Factory Content" = Native Instruments Kontakt 4 Factory Content "Native Instruments Kore Player" = Native Instruments Kore Player "Native Instruments Massive" = Native Instruments Massive "Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand "Native Instruments Rammfire" = Native Instruments Rammfire "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism "Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2 "Native Instruments Reflektor" = Native Instruments Reflektor "Native Instruments Scarbee A-200" = Native Instruments Scarbee A-200 "Native Instruments Scarbee Clavinet Pianet" = Native Instruments Scarbee Clavinet Pianet "Native Instruments Scarbee Mark I" = Native Instruments Scarbee Mark I "Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments The Finger R2" = Native Instruments The Finger R2 "Native Instruments Traktors 12" = Native Instruments Traktors 12 "Native Instruments Upright Piano" = Native Instruments Upright Piano "Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand "Native Instruments Vintage Organs" = Native Instruments Vintage Organs "OUTLOOKR" = Microsoft Office Outlook 2007 "Picasa 3" = Picasa 3 "Sibelius 6_is1" = Sibelius 6.1.0.14 "Steinberg Groove Agent 3" = Steinberg Groove Agent 3 "Synergy" = Synergy "TomTom HOME" = TomTom HOME 2.8.2.2264 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.11 "WaveLabPro" = WaveLab 6 "WinLiveSuite_Wave3" = Windows Live Essentials "Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.01 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "FoxTab Music Converter" = FoxTab Music Converter "FoxTab PDF Creator" = FoxTab PDF Creator "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2012 02:15:44 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.06.2012 02:16:25 | Computer Name = MusicPC | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 05:28:43 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.06.2012 05:29:24 | Computer Name = MusicPC | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 05:41:45 | Computer Name = MusicPC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6607.1000, Zeitstempel: 0x4e398dcd Name des fehlerhaften Moduls: OGL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e151f7e Ausnahmecode: 0xc0000005 Fehleroffset: 0x5ede617c ID des fehlerhaften Prozesses: 0x156c Startzeit der fehlerhaften Anwendung: 0x01cd4a11bd80eacc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE Pfad des fehlerhaften Moduls: OGL.DLL Berichtskennung: 273e0edf-b605-11e1-96da-0021851242a9 Error - 14.06.2012 06:08:06 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.06.2012 05:04:41 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.06.2012 05:05:27 | Computer Name = MusicPC | Source = WinMgmt | ID = 10 Description = Error - 15.06.2012 08:09:47 | Computer Name = MusicPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_virtualdub.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 15.06.2012 08:09:49 | Computer Name = MusicPC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ OSession Events ] Error - 26.05.2011 02:38:41 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.06.2011 13:27:39 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.08.2011 03:08:46 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 13.10.2011 05:40:27 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error - 13.10.2011 05:41:47 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 68 seconds with 60 seconds of active time. This session ended with a crash. Error - 20.11.2011 05:12:34 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.12.2011 08:42:18 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 120 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.02.2012 05:07:59 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.02.2012 02:17:06 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.06.2012 05:41:45 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.06.2012 05:06:33 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error - 15.06.2012 05:06:33 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.06.2012 05:09:11 | Computer Name = MusicPC | Source = DCOM | ID = 10005 Description = Error - 15.06.2012 05:09:11 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 09:05:43 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 09:06:06 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 13:57:22 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 13:57:41 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 18:57:49 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error - 15.06.2012 18:58:07 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 [ TuneUp Events ] Error - 04.05.2010 03:57:09 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:14 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:14 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:19 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:19 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:24 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:24 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:29 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:29 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 04.05.2010 03:57:31 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > Mit freundlichen Grüßen |
|
18.06.2012, 13:55
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Pc mit Windows Update Trojaner infiziertZitat:
 Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
| Themen zu Pc mit Windows Update Trojaner infiziert |
| adware.installcore, akamai, alternate, babylon toolbar, babylontoolbar, bho, bingbar, bonjour, conduit, converter, cubase, dateisystem, device driver, e-mail, error, festplatte, firefox, flash player, google, helper, heuristiks/extra, heuristiks/shuriken, hewlett packard, home, iexplore.exe, infiziert., install.exe, logfile, microsoft office word, mp3, object, office 2007, pdf creator, plug-in, realtek, registry cleaner, richtlinie, scan, searchscopes, security, senden, software, spark, svchost.exe, system, trojaner, version., version=1.0, visual studio, windows, yontoo |
Linear-Darstellung
