| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.07.2012, 14:09
| #1 |
| |  "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Hallo liebes Team, mein Rechner (Win 7) wurde am 22.7. evt. mit einem Trojaner infiziert. Die Meldung lautet: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". Habe den Computer im abgesicherten Modus gestartet und mir Malwarebytes heruntergeladen und das Update installiert. Der Quick- Scan ergab folgendes: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.22.06 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 **** :: **** [Administrator] Schutz: Deaktiviert 22.07.2012 14:36:18 mbam-log-2012-07-22 (14-36-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 193199 Laufzeit: 2 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\uwe schafstall\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\uwe schafstall\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt. C:\Users\uwe schafstall\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Windows\System32\V.ico (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\SysWOW64\V.ico (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\uwe schafstall\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Danach habe ich mir OTL heruntergeladen und ebenfalls einen scan durchgeführt. OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2012 14:54:53 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\uwe schafstall\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,88% Memory free 7,97 Gb Paging File | 7,18 Gb Available in Paging File | 90,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,45 Gb Total Space | 327,92 Gb Free Space | 71,53% Space Free | Partition Type: NTFS Drive D: | 458,77 Gb Total Space | 133,61 Gb Free Space | 29,12% Space Free | Partition Type: NTFS Computer Name: UWESCHAFSTALL | User Name: uwe schafstall | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\uwe schafstall\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\uwe schafstall\AppData\Roaming\13001.028\components\AcroFF.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell) SRV:64bit: - (lxdj_device) -- C:\Windows\SysNative\lxdjcoms.exe ( ) SRV:64bit: - (lxdjCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdjserv.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxdjCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdjserv.exe () SRV - (lxdj_device) -- C:\Windows\SysWOW64\lxdjcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z106pe455v165w4681t841 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=10&cc= IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {ECAE4F22-0EDD-45C3-979A-A5FF4E44A199} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1027E1BA-F410-4B39-A305-B4006A6CB8B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FEDBCE52-1124-427A-8036-75734638A046&apn_sauid=C3556903-998A-4B3B-BDE3-B42E90AD7ACC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE394 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=384&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{ECAE4F22-0EDD-45C3-979A-A5FF4E44A199}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=814 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.21 23:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.21 23:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 21:32:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.07.22 01:30:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 18:05:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.22 22:30:27 | 000,000,000 | ---D | M] [2012.04.21 19:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Extensions [2012.06.27 16:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions [2012.06.27 16:36:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.04.21 19:08:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.04.01 16:58:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.07 14:24:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\battlefieldplay4free@ea.com [2011.04.01 16:58:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\engine@conduit.com [2011.08.23 03:12:10 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\gutscheinmieze@synatix-gmbh.de [2012.06.12 20:35:02 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\uwe schafstall\AppData\Roaming\mozilla\Firefox\Profiles\kzwwx02r.default\extensions\toolbar@ask.com [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\askcom.xml [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\conduit.xml [2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\Search_Results.xml [2012.06.12 16:23:36 | 000,002,060 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\Mozilla\Firefox\Profiles\kzwwx02r.default\searchplugins\softonic.xml [2012.05.24 21:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.24 21:33:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.22 01:30:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\UWE SCHAFSTALL\APPDATA\ROAMING\13001.028 [2012.06.26 18:05:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.26 18:05:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.26 18:05:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 18:05:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 18:05:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 19:08:46 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.06.26 18:05:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 18:05:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=48&cc= CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\ CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: No name found = C:\Users\uwe schafstall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100919120818.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101225220159.dll (McAfee, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [lxdjamon] C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe () O4:64bit: - HKLM..\Run: [lxdjmon.exe] "C:\Program Files (x86)\Lexmark 1400 Series\lxdjmon.exe" File not found O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\setEvent.exe File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WinSCard] C:\Users\uwe schafstall\AppData\Local\Microsoft\Windows\25\WinSCard.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A778355-EDCC-4EDE-B22C-C1E985BE7681}: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3E18C5-6BCD-4A29-A740-0403DE581506}: DhcpNameServer = 80.69.103.78 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\autorun.exe O33 - MountPoints2\{53d0f6c2-6d4e-11df-9b77-806e6f6e6963}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.22 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.07.22 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Malwarebytes [2012.07.22 14:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.22 14:30:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.22 14:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.22 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto [2012.07.22 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\UAs [2012.07.22 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.07.22 01:30:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm [2012.07.22 01:30:34 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\kock [2012.07.21 16:05:36 | 000,000,000 | ---D | C] -- C:\Users\uwe schafstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD2 - Version Changer [2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.17 21:56:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.17 21:55:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.17 21:55:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.17 21:55:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.29 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2012.06.29 14:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2012.06.23 02:22:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 02:22:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 02:22:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 02:22:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 02:22:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 02:22:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 02:22:10 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 02:22:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2009.10.12 13:24:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.22 14:48:42 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2012.07.22 14:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 14:45:10 | 3208,544,256 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 14:42:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-uwe schafstall-Startup.job [2012.07.22 14:30:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 14:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.22 14:16:38 | 000,000,034 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res [2012.07.22 13:58:51 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 13:58:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 01:31:07 | 000,006,400 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll [2012.07.22 01:31:06 | 000,268,992 | ---- | M] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll [2012.07.18 15:52:58 | 000,000,286 | ---- | M] () -- C:\Windows\game.ini [2012.07.18 13:47:40 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.17 22:17:30 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.02 21:53:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.02 21:51:44 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2012.06.29 15:10:58 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2012.06.29 13:29:24 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.29 13:25:47 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [1 C:\Users\uwe schafstall\AppData\Roaming\*.tmp files -> C:\Users\uwe schafstall\AppData\Roaming\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.22 14:30:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 01:31:07 | 000,006,400 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\BAcroIEHelpe.dll [2012.07.22 01:31:06 | 000,268,992 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\AcroIEHelpe.dll [2012.07.22 01:30:48 | 000,000,034 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\blckdom.res [2012.07.18 15:52:58 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini [2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk [2012.06.29 15:10:58 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk [2012.06.12 16:28:17 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini [2012.05.19 19:58:41 | 000,000,102 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\fusioncache.dat [2012.05.19 19:57:31 | 001,554,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.17 13:56:29 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Local\{E4C01B19-4D93-43A1-AD58-791CFC8F37E5} [2011.10.26 12:26:40 | 000,000,040 | ---- | C] () -- C:\Users\uwe schafstall\jagex_cl_runescape_LIVE.dat [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.05.07 14:47:10 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.07 14:47:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.20 23:11:50 | 000,000,882 | ---- | C] () -- C:\Users\uwe schafstall\.recently-used.xbel [2011.02.18 15:18:51 | 000,000,129 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences2.dat [2011.02.18 15:18:10 | 000,000,035 | ---- | C] () -- C:\Users\uwe schafstall\jagex_runescape_preferences.dat [2011.02.12 16:59:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe [2011.02.12 16:59:00 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini [2011.01.25 16:23:10 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.12.25 12:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.22 16:02:09 | 000,000,082 | ---- | C] () -- C:\Users\uwe schafstall\edencity.ini [2010.08.27 19:31:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjinpa.dll [2010.08.27 19:31:47 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdjcomx.dll [2010.08.27 19:31:47 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\lxdjinst.dll [2010.08.27 19:31:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpmui.dll [2010.08.27 19:31:46 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjiesc.dll [2010.08.27 19:31:45 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjusb1.dll [2010.08.27 19:31:44 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjserv.dll [2010.08.27 19:31:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjlmpm.dll [2010.08.27 19:31:44 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjih.exe [2010.08.27 19:31:44 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjppls.exe [2010.08.27 19:31:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjprox.dll [2010.08.27 19:31:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjpplc.dll [2010.08.27 19:31:43 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjhbn3.dll [2010.08.27 19:31:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomc.dll [2010.08.27 19:31:43 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcoms.exe [2010.08.27 19:31:43 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcomm.dll [2010.08.27 19:31:43 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdjcfg.exe [2010.08.27 19:25:01 | 000,000,000 | ---- | C] () -- C:\Users\uwe schafstall\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.12.26 00:46:12 | 000,000,000 | -HSD | M] -- C:\Users\uwe schafstall\AppData\Roaming\.# [2012.06.12 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\.minecraft [2012.07.22 01:30:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\13001.028 [2012.03.20 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.11.29 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoft [2011.04.01 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.27 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\GameConsole [2011.08.23 03:12:10 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Gutscheinmieze [2012.07.22 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\hellomoto [2012.07.22 01:30:34 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\kock [2010.12.11 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Lexmark Productivity Studio [2011.05.08 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PhotoScape [2010.12.26 00:11:15 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\PowerCinema [2011.05.08 18:10:19 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Samsung [2010.08.27 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\SoftDMA [2010.08.27 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\Template [2011.11.20 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\TIPP10 [2012.07.22 13:19:30 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\UAs [2012.07.22 01:30:36 | 000,000,000 | ---D | M] -- C:\Users\uwe schafstall\AppData\Roaming\xmldm [2012.03.19 20:44:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.22 14:42:53 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-uwe schafstall-Startup.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.09.19 22:10:33 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L [2010.09.19 22:10:33 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?L) -- C:\Windows\SysNative\麰L ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.07.2012 14:54:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\uwe schafstall\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,88% Memory free
7,97 Gb Paging File | 7,18 Gb Available in Paging File | 90,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,45 Gb Total Space | 327,92 Gb Free Space | 71,53% Space Free | Partition Type: NTFS
Drive D: | 458,77 Gb Total Space | 133,61 Gb Free Space | 29,12% Space Free | Partition Type: NTFS
Computer Name: UWESCHAFSTALL | User Name: uwe schafstall | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086656ED-7C87-440C-A583-098E8499ED1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{132FECBA-AFAD-468F-8052-9A5CCD167F27}" = lport=137 | protocol=17 | dir=in | app=system |
"{1488E7C0-7F5B-430E-829F-1FF6FB8CB089}" = rport=445 | protocol=6 | dir=out | app=system |
"{235663EA-D983-4173-830A-93A0874DD416}" = lport=138 | protocol=17 | dir=in | app=system |
"{2447D796-0DD0-4BB5-AA18-088962EA6C66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E9E2054-23C0-407C-AB3E-65E0DC26B437}" = lport=139 | protocol=6 | dir=in | app=system |
"{30A30A67-0DF9-4B1A-B058-44CF5E116333}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37AA2250-7A64-451C-B031-0301FA36987E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E236E98-57B5-49D9-87F9-40F4A5B501AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F18D3F5-ABF1-48B0-94C3-363431988652}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C1948EF-A62A-46BA-99F9-C4ACF0F236F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A13492C-6813-4076-979F-6C447A02B83F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88AF6B31-A6A6-4E36-83AE-54AA561BF55F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B2EC1011-FD75-4452-9E80-24494B090A5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEB9567B-AA57-4BD8-BF0D-9422317C98C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1737D70-E719-432D-8924-76A728DE338D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5E04955-74A9-4B7E-B6D1-1B5D075FF58B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C9342B08-674B-42C5-B4F3-777E552F133A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DD86214C-26DB-413B-9D00-3A7C6AC9A780}" = rport=137 | protocol=17 | dir=out | app=system |
"{DED21CD8-E654-48FD-B905-494A64BD4795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E765ED07-7548-4331-A1C0-9BEC8F2BAA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF9492E7-157A-476C-9296-D675370236DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F4389176-1D7A-4B98-B199-FA1AE90D9BCC}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D0F86B-4454-4828-8EC8-2B3C622E8272}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{081042EB-A458-40E4-BB4F-2FCFFA9FB497}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{0AB4F0C8-D9A5-41CF-AF40-81ACEAD579DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{0D02F170-6B0B-4537-BE42-EA1DAF9086BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0FCCC39C-22C5-4EF6-887F-5EA890176067}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10D74238-87CF-4FFE-B1FC-EAE86CDFD1B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{125065E1-C05D-4A96-83AB-9E72EEAE199F}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{12F49060-B8C9-42BA-A69B-6DBDF81E5415}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{13F88B47-48E6-45F2-9FC8-546803F1FBF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16A8344B-DD0D-44D8-87E4-9C0A105DD70C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C5042CD-9E36-41D1-818D-2EDEC9EBF9F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FC19372-6FE5-4492-9552-B3D49A2AF8B5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{20265966-94D9-4F49-8C7A-6AECBEDBC110}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2463EFC7-E9D2-48E7-A609-FE4B1848DCCD}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{25956C55-2F96-4D8A-94D5-808EBB640470}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{276AB897-1272-4542-A115-6EA7404132CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe |
"{29DD7833-06C6-4190-B89A-3128CE58F8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{2A312CB4-D705-4540-884D-C3195F8D33B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{2A7ECEF1-B45B-4B56-9683-FFC38E631BF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{2A914823-678A-403D-AE35-A43B33914DB7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{2DBC9D66-0466-49C9-B8BB-884854D2CC45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe |
"{2EFE9EE1-4B20-4FE4-9BBC-AA4061E9C7BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2F3FF919-633F-4310-8B4D-34AEA284B022}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii battle for europe\engine.exe |
"{35CA41EF-1DB2-46CA-94DC-1652B586A498}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3E077E0B-26E9-4873-9483-F7B2F596568F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{436F5D28-8440-48CB-9109-B217766BF18E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{439F18F2-F056-40BD-BF11-6842C66F482E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{445275A2-A47C-47B5-8D22-E246EA256F09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{48A39B3E-D240-4622-8600-667EFBAE7C57}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4DEDF912-2DC6-43DE-95DD-360D65250007}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{50648B03-BD25-48B8-973E-E730919F9D46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{59382FD6-E579-4B68-AA63-05E09AEFCFDF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{5AE10A14-5BF8-4E95-9C28-FB27DB6E3370}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{643CEE68-9F9E-456D-BDD5-E8CD0EF15FDD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6616518B-81E2-476E-B0D7-8F5A1AB7D371}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{66545189-9349-4EA4-A23D-1D2A6B7F1A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest - fight back\dmcr.exe |
"{6D112700-3780-41F8-B31F-51D9BE226F17}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6F08D1D6-72B7-40D1-B58B-900FAC617C2D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{70FA6548-D8A5-4CF3-84A2-BAB27EE4E4FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{71B35DD1-2A04-42D2-A41C-EA9E77E121A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{73E7CECB-2B61-4DE9-9D6A-0EDFFF54D519}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7608C46C-E9A8-47A0-B07D-609BCAAAFA34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{775BE3A7-21EF-4E1D-9FDD-E11B13584824}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{7936CE03-948F-4E3B-94C4-6810EDE013CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{800FE393-04DA-4F7A-9CE3-EDEC416685AE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{8548B433-E29F-49B5-A737-9CA2AE13B761}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
"{8760AD6A-FCE0-4314-9F94-C581A18C2547}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{877C433C-DC2B-494F-905D-134933BC544D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88955E38-1EDF-4CDA-98CD-258C86A26FA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8958B566-9DB5-460C-8059-66DD659A08AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8A19D514-0D54-4604-9732-08066D9D06F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{8B8B303C-E965-42FC-BA0F-BAE502504547}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
"{926C5960-0EE9-4879-A2A6-2432A31DA4C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{98B4CAF9-0C0E-4E85-AD48-1AB9D94EF862}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D67D5B2-2312-440E-854B-4C5247F330B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{9DCD561E-A5C1-4252-9E15-5EF31591E709}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{A4354260-ED5E-488F-8C18-E9B765002CEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7605C5D-F526-47E9-8714-16A1D490391A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks art of war\dmcr.exe |
"{A8C3AD6C-798D-4E99-8B72-D08ECCF49D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
"{AA2B7EFF-B8D4-4862-A76E-D126B1D3F3C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AD732F4C-FAF3-43D6-AD8C-14848B6A21FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{AD7DD20F-C6AE-4444-85E7-503A2F1DE26A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks ii battle for europe\engine.exe |
"{AE6F9039-DCEB-42FE-8288-F39D6792AFA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest - fight back\dmcr.exe |
"{AE8E51FD-7E5E-483F-9941-FB035F464A98}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF9F770A-22BE-49EA-BDFF-6844F9FC3109}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B00D086B-6159-417A-A678-6D07449E3ED0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{B7B18237-12C3-4315-A0D3-19C9E7C058B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B8BE47E7-401B-414A-97D3-2506AA748C42}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B8C6AA70-BC9D-457F-AA7D-26F367C18698}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest\dmcr.exe |
"{B9E1B74C-F1D2-4FB6-8349-9656133B001B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{BA2262B3-FDD3-4AC7-9F29-F6F4B7402763}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\day of defeat source\hl2.exe |
"{BA22F1AA-A962-47B6-B07A-DB671B2D4CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\american conquest\dmcr.exe |
"{BBADFCEF-D923-4C3D-BE01-4D83C013D9FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBBB017F-9AD0-4C01-A9E4-70F0FCE0438C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBCF39D8-DB66-47FB-956A-2CA6C883B47C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C011BD93-CFD2-4D92-93C0-CB4FF6408CFE}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{C1EE6A47-C80F-4F25-AA14-B27E9B3CDE67}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C85D9C7F-EEC0-4591-9321-A6CE0774CFB4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{C89EF85A-0E87-479A-BFC4-3C152F096E58}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{CB6C9B6E-998E-408F-ACC9-A9B79F1F5C8C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{CCDC6027-B4FF-45CE-80B2-A4B70D4B5FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks european wars\dmcr.exe |
"{CD7B5A2A-9422-4506-BD53-23C605E053A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\counter-strike source\hl2.exe |
"{D45F0CF4-DF0D-43E6-ACC2-1C2D2FEBD794}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4CED8A6-E3A4-49E0-B8F7-9A6C512B0D2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D574A868-EFA6-4C02-99DA-9103A26DDE35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D6526B70-D9FD-44E9-A5A1-C962B406C24C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D9091EA2-67D4-4512-84AE-44C959F03DE8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{D9D24A72-FF21-46A7-9DE3-BA61C747557A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
"{D9DDCC0F-EA4D-4329-B729-464A30569ADA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAB86308-77F9-4802-BE1D-16CFAF3FBA90}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{DBD9C752-1C61-45F2-A2A4-04C73CD146B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFC82109-2A24-4C40-9501-414046A10692}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks art of war\dmcr.exe |
"{E338A0F9-E6EB-4987-A225-1EA72BE08F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9275557-DDD6-42B2-83E4-23743B55A1DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
"{EB85B93B-0FB8-4E75-927C-98AA4F269BA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\counter-strike source\hl2.exe |
"{EBFFCD34-7E3C-4223-9298-30388B78B4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{ECAEADED-5F46-487A-B19E-EF701866D865}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{EE077BD0-C261-4379-9E3C-D8098626E462}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{EE90F5AA-E085-4B87-BE5D-606D761FFFDB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{F54A9B6A-4EB2-4CD6-96C4-2C4098FB5A07}" = protocol=6 | dir=out | app=system |
"{F8BE96F2-7C4A-4473-819B-6A5B150CF1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9967158-427E-413E-909E-0E191B50884D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks european wars\dmcr.exe |
"{FF6A01BD-02AA-48D7-90AA-5F4179F29A92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ocin94\day of defeat source\hl2.exe |
"TCP Query User{B2FD7849-A340-457E-B2E5-95E31D50A02C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{CBAA103D-7057-41EA-B787-28C05E87F71E}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"UDP Query User{39B6B719-5919-49F7-9220-23D7F99C20A1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{E1DE7927-A80C-4C00-8B76-7E983A9FA7EC}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1400 Series" = Lexmark 1400 Series
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ccb6b889-f9d9-45fd-8a78-2a4f2e599441}" = Nero 9 Essentials
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.06.00.8025
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Call of Duty 2 - Version Changer" = Call of Duty 2 - Version Changer
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PunkBusterSvc" = PunkBuster Services
"Searchqu Toolbar" = Searchqu Toolbar
"Softonic" = Softonic toolbar on IE
"Steam App 115200" = Cossacks II: Napoleonic Wars
"Steam App 115210" = American Conquest
"Steam App 115220" = American Conquest - Fight Back
"Steam App 38830" = Crimecraft: BLEEDOUT
"Steam App 440" = Team Fortress 2
"Steam App 4850" = Cossacks: Back to War
"Steam App 4870" = Cossacks: Art of War
"Steam App 4880" = Cossacks: European Wars
"Steam App 4890" = Cossacks II: Battle for Europe
"TIPP10_is1" = TIPP10 Version 2.1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.06.2012 08:41:12 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.06.2012 08:41:12 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:46:25 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.07.2012 10:47:37 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.07.2012 10:47:54 | Computer Name = uweschafstall | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.07.2012 07:58:35 | Computer Name = uweschafstall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cod2.exe, Version: 2.1.12.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dfe4 ID des fehlerhaften Prozesses:
0x16ac Startzeit der fehlerhaften Anwendung: 0x01cd5912f209d956 Pfad der fehlerhaften
Anwendung: E:\Setup\rsrc\cod2.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
6abc4919-c506-11e1-a2da-90fba6e162c3
Error - 03.07.2012 08:04:18 | Computer Name = uweschafstall | Source = MsiInstaller | ID = 1013
Description =
[ System Events ]
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:46:56 | Computer Name = uweschafstall | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 08:50:44 | Computer Name = uweschafstall | Source = DCOM | ID = 10005
Description =
< End of report >
Wäre super wenn ihr mir helfen könntet! Liebe Grüße EDIT: Ein 2ter vollständiger Scan über Malewarebytes ergab nichts. |
| Themen zu "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert". |
| bandoo, bho, blockiert, bonjour, bundesrepublik, call of duty, computer, conduit, converter, der computer ist für die verletzung, der computer ist für die verletzung der gesetze, error, excel, firefox, flash player, frage, heuristiks/extra, heuristiks/shuriken, home, infiziert., install.exe, locker, logfile, microsoft office word, mozilla, mp3, msiinstaller, mywinlocker, ntdll.dll, object, office 2007, phishing, plug-in, preferences, realtek, registry, richtlinie, scan, searchqu toolbar, searchscopes, security, siteadvisor, software, super, svchost.exe, symantec, trojaner, verletzung der gesetze, verletzung der gesetze der bundesrepublik deutschland wurde blockiert |
Baum-Darstellung