Log analysis and evaluation: Wrong links in Google search (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.09.2012, 13:02 | #1 |
Wrong links in Google search

Hello dear experts!

For a few days now, my HP notebook (Win7pro 64 bit) has had the problem that has already been described several times here in the forum: when I do a Google search in Firefox or Chrome and then click "Open link in new tab", a wrong link opens, for example to Viewster or some travel sites or the like, in any case not the one I thought I was clicking. Avira Guard is active in the background; I clean up regularly with CCleaner, but unfortunately I have to admit that I am (very) lazy about Windows updates.

Today I first started an Avira scan, which found nothing. The subsequent Malwarebytes scan reported no detections either. Nor did the scan via HouseCall, which my husband suggested to me, turn anything up. I am still worried that I have caught something and ask for your support in the search. I have not taken any further steps yet and am waiting to hear what you think of my log files.

Many thanks in advance and warm regards from Lower Austria,
Susy

Here is my OTL.txt:

Code:
OTL logfile created on: 23.09.2012 13:03:19 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = D:\_Setups\_System\Malware entfernen
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,86 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 78,10% Memory free
15,72 Gb Paging File | 13,86 Gb Available in Paging File | 88,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,78 Gb Total Space | 174,41 Gb Free Space | 77,59% Space Free | Partition Type: NTFS
Drive D: | 223,68 Gb Total Space | 105,23 Gb Free Space | 47,04% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,72% Space Free | Partition Type: FAT32

Computer Name: NB-SUSY2 | User Name: Susy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.23 12:41:44 | 000,601,600 | ---- | M] (OldTimer Tools) -- D:\_Setups\_System\Malware entfernen\OTL.exe PRC - [2012.06.20 13:51:58 | 002,206,984 | ---- | M] (AgileBits) -- D:\Datenbanken\1Password\Agile1pAgent.exe PRC - [2012.06.20 13:51:48 | 000,768,776 | ---- | M] (AgileBits) -- D:\Datenbanken\1Password\Agile1pService.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.17 01:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.07.26 14:09:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.30 15:55:00 | 004,910,592 | ---- | M] () -- C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe PRC - [2010.04.05 19:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- 
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010.04.05 19:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2010.02.25 16:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009.12.03 10:12:10 | 000,245,248 | ---- | M] () -- C:\Program Files\activAid\AutoHotkey\AutoHotkey.exe PRC - [2009.11.25 03:57:20 | 000,627,976 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2009.11.21 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2009.11.04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2012.03.31 16:36:22 | 000,376,832 | ---- | M] () -- D:\Datenbanken\1Password\js3215R.dll MOD - [2011.05.30 15:55:00 | 004,910,592 | ---- | M] () -- C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe MOD - [2011.02.04 15:24:38 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2011.02.04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files 
(x86)\Rainlendar2\Rainlendar2.exe MOD - [2010.12.12 12:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll MOD - [2010.12.12 12:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll MOD - [2010.12.12 12:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll MOD - [2010.12.12 12:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll MOD - [2010.12.12 12:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll MOD - [2010.12.12 12:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll MOD - [2010.05.23 20:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll MOD - [2010.05.23 20:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll MOD - [2009.12.03 10:12:10 | 000,245,248 | ---- | M] () -- C:\Program Files\activAid\AutoHotkey\AutoHotkey.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.03.20 19:43:42 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2012.03.20 19:43:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011.08.31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.07.06 10:36:36 | 001,038,088 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011.06.03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010.02.18 15:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2010.02.01 18:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2010.02.01 18:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009.11.25 03:57:20 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2009.11.20 00:14:32 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) 
[On_Demand | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.08.03 22:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.21 18:35:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.10 07:47:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.20 13:51:48 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- D:\Datenbanken\1Password\Agile1pService.exe -- (Agile1Password) SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.07.26 14:09:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files 
(x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.06 10:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.04.05 19:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.18 15:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2009.11.04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.20 19:43:43 | 000,515,584 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.08.03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.07.26 14:09:01 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.26 14:09:01 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.20 01:08:54 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.05.20 01:08:54 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.09.11 01:15:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.03 17:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.04.21 17:00:30 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010.04.21 11:56:28 | 000,091,280 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yusbaud64.sys -- (yusbaud64) DRV:64bit: - [2010.04.05 19:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.02.01 18:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2010.02.01 18:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) 
[Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2010.02.01 18:11:32 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009.11.21 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.06 02:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.10.29 02:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009.10.26 23:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009.10.26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.29 01:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009.09.17 22:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.09.17 22:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.09.17 22:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.09.17 22:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.16 16:55:00 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2009.08.26 12:45:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2009.08.03 22:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.21 00:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 12:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.02.13 12:35:46 | 012,379,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) DRV - [2010.02.01 18:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2010.02.01 18:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2010.02.01 18:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2010.02.01 18:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.09.16 16:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.08.26 12:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2008.02.13 12:34:50 | 012,067,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71} IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4 IE - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71} IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71} IE - HKCU\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.09.11 00:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 07:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.09 09:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.03.04 20:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Extensions
[2011.07.07 00:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.06 21:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions
[2011.07.22 19:57:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.01.04 15:08:41 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.07.22 19:57:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.30 08:48:54 | 000,000,000 | ---D | M] (FEBE) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.04.09 20:08:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.09.04 14:02:41 | 000,000,000 | ---D | M] (WOT) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.07 12:17:11 | 000,000,000 | ---D | M] (HP Detect) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.06.09 01:01:01 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011.07.22 19:57:27 | 000,000,000 | ---D | M] (Unread Tabs) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{f57f9be0-5281-11d9-9669-0800200c9a664}
[2011.07.22 19:57:28 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\bitlypreview@jay.ridgeway
[2012.02.09 22:56:26 | 000,000,000 | ---D | M] (Cooliris) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\piclens@cooliris.com
[2011.07.22 19:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\temp
[2012.07.31 08:29:49 | 000,242,942 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\brief@mozdev.org.xpi
[2012.09.04 12:36:27 | 001,625,368 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\firebug@software.joehewitt.com.xpi
[2012.09.06 21:28:48 | 001,515,292 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\onepassword@agilebits.com.xpi
[2012.09.04 12:14:50 | 000,084,654 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.28 19:34:12 | 000,341,143 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.09.05 21:34:01 | 001,268,546 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.07.25 09:01:07 | 000,741,958 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.21 22:10:52 | 000,138,614 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.07.12 07:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.12 07:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.10 07:47:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.18 11:32:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 07:47:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.18 11:32:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.18 11:32:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.18 11:32:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.18 11:32:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:home
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 1Password = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.8.39899_0\
CHR - Extension: General Crawler = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
CHR - Extension: Google Mail = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011.07.12 11:13:42 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Agile1pAgent] D:\Datenbanken\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KCodes UDS Control Center] C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe ()
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk = File not found
O4 - Startup: C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\users\Susy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+Alt+P - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 213.33.98.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7426F6-070B-42DD-A47A-826DAAF5D4CC}: DhcpNameServer = 195.3.96.67 213.33.98.136
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.23 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\Susy\AppData\Roaming\Malwarebytes
[2012.09.23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012.09.23 12:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 12:10:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.23 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2012.08.28 19:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.08.26 07:46:47 | 000,000,000 | ---D | C] -- D:\_Desktop\Neuer Ordner
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Susy\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Susy\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Susy\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Susy\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.09.23 13:05:19 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 13:05:19 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 13:02:00 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.23 13:02:00 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.23 13:02:00 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.23 13:02:00 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.23 13:02:00 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.23 12:57:17 | 000,000,310 | ---- | M] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.23 12:57:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.09.23 12:57:05 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.23 12:56:07 | 000,000,020 | ---- | M] () -- C:\Users\Susy\defogger_reenable
[2012.09.23 12:35:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 12:10:05 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.23 12:09:14 | 000,881,281 | ---- | M] () -- C:\Users\Susy\AppData\Local\census.cache
[2012.09.23 12:09:05 | 000,144,546 | ---- | M] () -- C:\Users\Susy\AppData\Local\ars.cache
[2012.09.23 11:59:03 | 000,000,036 | ---- | M] () -- C:\Users\Susy\AppData\Local\housecall.guid.cache
[2012.09.18 13:28:00 | 000,001,953 | ---- | M] () -- C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
[2012.09.14 08:14:34 | 000,184,320 | RHS- | M] () -- C:\windows\SysWow64\pnrpnspx.dll
[2012.09.12 10:45:43 | 000,001,487 | ---- | M] () -- D:\_Desktop\remember this.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.08.29 08:17:00 | 007,897,371 | R--- | M] () -- D:\_Desktop\weinherbst_weinviertel_2012.pdf

========== Files Created - No Company Name ==========

[2012.09.23 12:56:06 | 000,000,020 | ---- | C] () -- C:\Users\Susy\defogger_reenable
[2012.09.23 12:10:05 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.23 12:09:14 | 000,881,281 | ---- | C] () -- C:\Users\Susy\AppData\Local\census.cache
[2012.09.23 12:09:05 | 000,144,546 | ---- | C] () -- C:\Users\Susy\AppData\Local\ars.cache
[2012.09.23 11:59:03 | 000,000,036 | ---- | C] () -- C:\Users\Susy\AppData\Local\housecall.guid.cache
[2012.09.14 08:14:34 | 000,184,320 | RHS- | C] () -- C:\windows\SysWow64\pnrpnspx.dll
[2012.09.14 08:14:34 | 000,000,310 | ---- | C] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.12 10:45:43 | 000,001,487 | ---- | C] () -- D:\_Desktop\remember this.lnk
[2012.08.29 08:16:48 | 007,897,371 | R--- | C] () -- D:\_Desktop\weinherbst_weinviertel_2012.pdf
[2012.04.06 17:47:59 | 000,000,000 | RHS- | C] () -- C:\Users\Susy\AppData\Roaming\CoreXPSP.dll
[2012.04.06 17:47:14 | 000,164,352 | ---- | C] () -- C:\windows\SysWow64\UNRAR.DLL
[2012.04.06 17:47:14 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\UNACEV2.DLL
[2012.03.02 06:16:33 | 012,067,328 | ---- | C] () -- C:\windows\SysWow64\drivers\snp2sxp.sys
[2012.03.02 06:16:33 | 000,025,472 | ---- | C] () -- C:\windows\SysWow64\drivers\sncamd.sys
[2012.03.02 06:16:33 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2012.03.02 06:16:30 | 000,151,552 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2std.dll
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011.11.27 13:55:48 | 000,002,428 | ---- | C] () -- C:\windows\CDPlayer.ini
[2011.10.05 22:00:37 | 000,025,600 | ---- | C] () -- C:\Users\Susy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.10 14:10:06 | 000,001,474 | ---- | C] () -- C:\Users\Susy\AppData\Local\RecConfig.xml
[2011.09.09 23:16:13 | 006,908,648 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.09.09 23:16:13 | 000,017,686 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.08.27 19:53:00 | 000,000,017 | ---- | C] () -- C:\Users\Susy\AppData\Local\resmon.resmoncfg
[2011.08.18 19:16:14 | 000,185,236 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011.08.12 21:04:09 | 000,000,078 | ---- | C] () -- C:\windows\BBW_INFO.INI
[2011.07.22 17:11:50 | 001,673,216 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011.07.22 17:11:50 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011.07.22 17:11:50 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011.07.22 17:11:50 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011.07.22 17:11:50 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2011.07.12 15:16:09 | 000,000,531 | ---- | C] () -- C:\windows\eReg.dat
[2011.07.09 22:46:54 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.07.06 23:05:54 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011.07.06 11:03:53 | 000,000,049 | ---- | C] () -- C:\windows\wininit.ini
[2011.05.20 00:22:45 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.05.20 00:22:45 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.05.20 00:22:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Susy\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Susy\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Susy\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.07.22 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\ACD Systems
[2011.07.22 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Agile Web Solutions
[2011.07.28 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Ashampoo
[2012.04.17 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Audacity
[2011.07.11 10:28:01 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\BMDNTCS
[2011.07.28 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\DAEMON Tools Lite
[2012.04.06 17:47:16 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Dateicommander
[2011.09.09 23:18:09 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\dBpoweramp
[2011.07.22 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\DigitalPersona
[2012.09.23 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Dropbox
[2012.09.04 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\FILEminimizerPictures
[2011.07.22 11:35:37 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\GHISLER
[2012.09.23 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\MailWasherPro
[2012.03.04 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Media Finder
[2012.09.20 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\MediaMonkey
[2011.11.13 18:05:02 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Mp3tag
[2012.01.18 11:17:38 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\OpenOffice.org
[2011.12.31 10:36:15 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\PanoramaStudio
[2012.05.07 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\PhotoSync
[2011.07.22 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Software Informer
[2011.07.22 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Thunderbird
[2012.03.09 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 65 bytes -> D:\_Desktop\OE1_RUD120502_HP.mp3:com.dropbox.attributes

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 23.09.2012 13:03:19 - Run 1 OTL by OldTimer - Version 3.2.66.0 Folder = D:\_Setups\_System\Malware entfernen 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 78,10% Memory free 15,72 Gb Paging File | 13,86 Gb Available in Paging File | 88,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,78 Gb Total Space | 174,41 Gb Free Space | 77,59% Space Free | Partition Type: NTFS Drive D: | 223,68 Gb Total Space | 105,23 Gb Free Space | 47,04% Space Free | Partition Type: NTFS Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,72% Space Free | Partition Type: FAT32 Computer Name: NB-SUSY2 | User Name: Susy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [DateiCommander] -- C:\Program Files (x86)\DateiCommander\DateiCommander.exe %1 (Ch.Lütgens & Co) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DateiCommander] -- C:\Program Files (x86)\DateiCommander\DateiCommander.exe %1 (Ch.Lütgens & Co)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0474160A-586B-46F7-815C-CBDE7EB6AE3C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06ECEF8D-741B-459F-8A6E-E2B5BEDEBAA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A6E2890-BC5C-4D58-95A1-5E23F55B9B3F}" = lport=7428 | protocol=17 | dir=in | name=multifunction network server udp port |
"{0FEEB416-DF41-419E-8C31-7AD0D340FE93}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{114043B6-9E95-4C18-86AC-B4483C61A8F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{14DB2F36-E5A7-45FC-A4CB-D7084E55BA02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20CC217B-AEC8-4FB9-BEB7-9DFF022704DC}" = lport=7428 | protocol=17 | dir=in | name=multifunction network server udp port |
"{2C30FFD0-6816-4E79-AD96-79097FB58121}" = rport=445 | protocol=6 | dir=out | app=system |
"{3933DE96-D804-48E1-B1E6-84540BF23D21}" = rport=10243 | protocol=6 | dir=out | app=system |
"{64067417-0A4C-4951-B1DC-8F68B98C1508}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66491921-6EA4-44DE-B39D-545C3C39C8BF}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{777AD6CA-B809-4BE4-B670-0A5885853829}" = lport=445 | protocol=6 | dir=in | app=system |
"{77C1CB60-E753-4244-AE8F-0B26591D7C42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78B33140-1125-4402-82FF-C374AD278B05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{94CF8B43-72F8-44DC-A718-9593D10D7F55}" = lport=35722 | protocol=6 | dir=in | name=photosync |
"{98343BDF-1279-4EA1-964E-168E0CECCE88}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A1385B60-FBB5-47A2-8972-1B51E855978C}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3A72941-A3A1-40A7-9B46-2A0B5E38936E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB220AB7-76A1-4739-BA05-32D23A2C3115}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABA2A825-2B4E-4EE3-AE40-8BB8DC3253B7}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4B5ECA8-5DBD-4B85-87A9-3F2638285E18}" = lport=138 | protocol=17 | dir=in | app=system |
"{C883F5C3-E3A9-4EC1-B306-DCD90FD6D806}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E913F1AD-5002-47F3-820E-0EAECEE8D53E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{EA66EC59-B89E-494F-AE25-56AE7BBF638F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F23295E5-2169-4509-8707-C07DD94224AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F6D70EA0-103A-40A0-8523-D83C2CBC9551}" = rport=139 | protocol=6 | dir=out | app=system |
"{F77B255F-B99F-4204-9099-93FFF722E4FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B939A8-EE7B-4F89-A628-3EB84D4B1076}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{06B74326-313A-4752-ABB0-2B025292EA3F}" = protocol=6 | dir=in | app=c:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |
"{0C86E581-73C1-4EE5-BD08-80F278E7F618}" = protocol=6 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe |
"{255A841A-3253-4D41-8DAB-7E58B3605FC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39E45375-16ED-4EC4-A934-EE722EEC2F0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3CB9F1A7-6BAD-46DB-9633-74DF9BE081E1}" = protocol=17 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe |
"{459EAB35-612A-410E-A7FB-294E3AE80CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{59279833-F131-45F7-89A0-D75DB737EFFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60247CB0-C3CC-4FFF-9A09-4D6CFAAC1056}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6266DB7B-CFAC-4F34-A5EA-E4740DD1DB16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62D7FD2F-FEF6-4ECC-BEA6-1E1C397606A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{648DDF82-E6E6-48EC-AFED-FBF720948834}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6CE48981-0DF3-433A-A588-0CB5C1F3B879}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7270ED0C-8054-408D-A6E4-ACA66761C440}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73406E5F-1012-414E-9C7A-3465331EFB4B}" = protocol=6 | dir=out | app=system |
"{74D10CB8-C41C-4E3E-B6F1-EA22A2BA6C31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{795F9CA1-6708-4860-83C3-67BDF6ECF986}" = protocol=17 | dir=in | app=c:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |
"{85292A0B-7812-4DAB-9481-9327A81FFECC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93A2113A-36E8-4EE2-98F7-01A007511E10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93C5F7EE-4CAC-401F-AA7E-7D485CD0A42F}" = protocol=17 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe |
"{9DB4C487-3ED9-48E9-AA77-59DBAC0E8A9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9F9AA9E-7C22-4C0A-ADED-62071BC7E7EF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AB590491-AC51-442F-8227-2F6979CD4BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe |
"{B09CBF6F-8EB0-47AD-B7E7-693A1CAEFF80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41428EF-267F-46D4-912E-17DB48AAF601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC720DE1-9B34-4FB4-A00A-30A5D184A3F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{BD71CC7D-694B-42B4-9FBE-C583C349E7B7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BE02B116-0117-4D4C-BEF6-C38AC08F097F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CB768A62-F1DC-4BF2-8FB2-462E9D800125}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6D9FA70-1BC3-420D-ABEF-AAA77AFA1B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAC62375-E5B5-4664-9658-BF1CCA68EBEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E874A561-B0D7-40D4-856C-1FD363FD5277}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E8AB4ED8-D42F-400E-8967-3E569A6B4106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF7D509-CCC0-4001-83F1-7FCBFAFB9AEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6D6D2B5-42C2-4704-9EBF-1CC1F8DB85E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD0959EE-E84E-4F67-B562-FAACF4F7D879}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{74461708-03BA-456A-834D-1BEAF79E1AF6}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{8240F559-7E57-4FA5-891D-D611B1014C07}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F4BA60F4-A7BD-4439-BD8B-5424981CE673}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0ED0A004-D24B-40E0-A4CE-DF73F8818252}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{C8AA8AFE-2FED-4F5F-9847-898E25977066}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DC2FCFB5-6F5C-4544-AB78-21F4A774690E}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AF7A15-6785-4878-8924-AB894172DA94}" = PhotoSync
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Drive Backup™ 9.5 Professional Edition
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BD7AB0B9-4491-4642-B6BB-2560648A0A22}" = HP Power Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DBB6FD33-2B16-45EB-93E1-C14344F9205C}" = Yamaha USB Audio Driver
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE3DEA5D-60D7-4C92-A71F-1E1F2F4615FC}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CCleaner" = CCleaner
"doPDF 6 printer_is1" = doPDF 6.3 printer
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17DEA3ED-86EA-4D28-849C-20CB030F4963}" = Multifunction Network Server
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23355AD7-F773-4419-971D-1577A793D4B5}" = MindManager X5 Pro
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5B059455-4572-4F70-8D91-2097B07215E5}" = HP ESU for Microsoft Windows 7
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = D-PEN
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAB4AAD2-93A4-11D4-A165-00508B67A692}" = Client
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"1Password_is1" = 1Password 1.0.9.296
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AutoHotkey" = AutoHotkey 1.1.00.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BB_is1" = Band-in-a-Box 2006
"BMD SYSTEMHAUS - BMD55" = BMD SYSTEMHAUS - BMD55
"cam2pc" = cam2pc (remove only)
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DateiCommander 13.1_is1" = DateiCommander13
"Daub Ages" = Daub Ages! 1.53
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Drive Encryption" = Drive Encryption for HP ProtectTools
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.1.1 Professional
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PanoramaStudio" = PanoramaStudio 1.3 (deinstallieren)
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PixGEN_is1" = PixGEN v.2.8.1
"PSPad editor_is1" = PSPad editor
"Rainlendar2" = Rainlendar2 (remove only)
"ShapeCollage" = Shape Collage
"Software Informer_is1" = Software Informer 1.0 BETA
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.08.2012 05:11:33 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 06.08.2012 09:23:29 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 10.08.2012 19:01:42 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 18.08.2012 05:33:13 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 18.08.2012 05:43:48 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 18.08.2012 05:45:54 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 18.08.2012 15:50:23 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 21.08.2012 04:47:13 | Computer Name = NB-Susy2 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7d8 Startzeit: 01cd7abc0a6ce214 Endzeit: 60000 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: 95cb3219-eb6c-11e1-94c6-cc52af862797

Error - 21.08.2012 12:16:55 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 21.08.2012 12:22:40 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description =

Error - 23.08.2012 11:41:17 | Computer Name = NB-Susy2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: tapisrv.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5be077 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feef5787f3 ID des fehlerhaften Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0x01cd7f7c3552ff0a Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: tapisrv.dll Berichtskennung: f9db84d5-ed38-11e1-a278-cc52af862797

[ Hewlett-Packard Events ]
Error - 05.11.2011 11:39:17 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111105043905.xml File not created by asset agent

Error - 12.11.2011 18:06:39 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111112110636.xml File not created by asset agent

Error - 10.12.2011 07:39:25 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121110123922.xml File not created by asset agent

Error - 04.02.2012 11:38:51 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021204043844.xml File not created by asset agent

Error - 19.03.2012 02:41:45 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description =

Error - 19.03.2012 02:41:47 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description =

Error - 15.04.2012 15:27:29 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description =

Error - 15.04.2012 15:27:46 | Computer Name = NB-Susy2 | Source = hpsa_service.exe | ID = 2000
Description =

Error - 15.07.2012 01:33:37 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description =

Error - 03.09.2012 01:40:23 | Computer Name = NB-Susy2 | Source = hpsa_service.exe | ID = 2000
Description =

[ HP Power Assistant Events ]
Error - 22.09.2012 17:06:38 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 22.09.2012 17:13:21 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 22.09.2012 17:13:28 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 23.09.2012 02:55:40 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 23.09.2012 04:14:50 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 23.09.2012 04:14:53 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 23.09.2012 04:45:27 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 23.09.2012 04:51:37 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 23.09.2012 04:51:41 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

Error - 23.09.2012 05:43:06 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}

[ HP Software Framework Events ]
Error - 10.09.2012 09:58:44 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 15:58:44.097|00000228|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10.09.2012 09:59:57 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 15:59:57.415|000008F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10.09.2012 09:59:58 | Computer Name = NB-Susy2 | Source =
CaslWmi | ID = 5 Description = 2012.09.10 15:59:58.335|000029F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 10.09.2012 10:00:00 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.10 16:00:00.655|00002374|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 10.09.2012 10:00:01 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.10 16:00:01.541|00002A98|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 10.09.2012 10:00:05 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.10 16:00:05.942|000021DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15.09.2012 16:01:12 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.15 22:01:12.914|00001FDC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15.09.2012 16:01:14 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.15 22:01:14.267|00002E54|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 22.09.2012 15:43:28 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.22 21:43:28.175|000013FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 22.09.2012 15:43:29 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5 Description = 2012.09.22 
21:43:29.346|00000AEC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ HP Wireless Assistant Events ] Error - 25.02.2012 08:32:56 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 25.02.2012 09:21:40 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 25.02.2012 12:17:50 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 25.02.2012 14:54:16 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 25.02.2012 16:26:43 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei 
System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 25.02.2012 18:16:00 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 26.02.2012 05:25:02 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC} Error - 26.02.2012 05:26:53 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC} Error - 26.02.2012 07:16:20 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() Error - 26.02.2012 10:06:11 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage() [ System Events ] Error - 22.09.2012 15:31:04 | Computer Name = NB-Susy2 | Source = bowser | ID = 8003 Description = Error - 23.09.2012 
06:56:26 | Computer Name = NB-Susy2 | Source = DCOM | ID = 10010 Description = Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 23.09.2012 06:58:20 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 23.09.2012 06:58:20 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 23.09.2012 06:58:50 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 23.09.2012 06:58:50 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.09.2012 06:58:52 | Computer Name = NB-Susy2 | Source = bowser | ID = 8003 Description = < End of report > |
23.09.2012, 13:11 | #2 |
/// Malware-holic | Wrong links in Google search hi
This script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.09.23 12:57:17 | 000,000,310 | ---- | M] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.14 08:14:34 | 000,184,320 | RHS- | M] () -- C:\windows\SysWow64\pnrpnspx.dll
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents here into your next reply.
Start in normal mode. If you have no icons, right-click, View, show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!
Please press the + E key.
After that: download get info: File-Upload.net - File not found
Double-click the .exe; a .txt is now created in the same folder: summary-info.txt. Double-click it and post its contents.
__________________ |
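Added example, not part of the thread and not OTL's own code: a small Python triage pass over OTL file-scan lines in the format used by the fix script above. The scoring rules, the watched directories and the threshold are assumptions for illustration; the first two sample lines are the ones named in the fix script, the others are constructed.

```python
import re
from pathlib import PureWindowsPath

# One OTL file-scan line, in the shape used by the fix script in this thread:
# [YYYY.MM.DD hh:mm:ss | size | attrs | M or C] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<kind>[MC])\]"
    r" \((?P<company>.*?)\)"
    r" -- (?P<path>.+)$"
)

# Assumption: directories where a stray file deserves a second look.
WATCHED_DIRS = {
    r"c:\windows\tasks",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}


def parse_line(line):
    """Return the fields of an OTL file-scan line as a dict, or None."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def looks_random(stem):
    """Assumed heuristic: long, all-lowercase ASCII name with almost no vowels."""
    if len(stem) < 8 or not (stem.isascii() and stem.isalpha() and stem.islower()):
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.2


def reasons(rec):
    """List the (assumed) warning signs that apply to one parsed entry."""
    p = PureWindowsPath(rec["path"])
    found = []
    if rec["company"] == "":
        found.append("no company name")
    if "H" in rec["attrs"] and "S" in rec["attrs"]:
        found.append("hidden+system attributes")
    if str(p.parent).lower() in WATCHED_DIRS:
        found.append("sits directly in a watched directory")
    if looks_random(p.stem):
        found.append("random-looking file name")
    return found


def triage(log_text, threshold=3):
    """Return (path, reasons) for entries with at least `threshold` signs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # section headers, blank lines, other log sections
        why = reasons(rec)
        if len(why) >= threshold:
            hits.append((rec["path"], why))
    return hits


# Lines 1-2 are quoted from the fix script above; lines 3-6 are constructed.
SAMPLE = r"""
[2012.09.23 12:57:17 | 000,000,310 | ---- | M] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.14 08:14:34 | 000,184,320 | RHS- | M] () -- C:\windows\SysWow64\pnrpnspx.dll
[2012.09.25 18:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 07:47:12 | 000,073,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\system32\drivers\mbam.sys
========== constructed section header ==========
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "<-", "; ".join(why))
```

The result is a shortlist for a human reviewer; a missing company name alone is normal for .job files, which is why a single sign is not enough to list an entry.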
23.09.2012, 15:28 | #3 | |
| Wrong links in Google search Hello Markus,
many thanks for the super-fast analysis and reply!
1. OTL - Commands: done, the restart took place, everything looked fine. Only: Quote:
1a. OTL - Zipfile: uploading the zipped moved-files folder to the upload channel - done. Upload completed successfully.
2. GETINFO: Is there perhaps another trustworthy download link for it? On file-upload.net I get the error message "File does not exist! This file was deleted by the user or following an abuse report." (...and on the same page I see big, tempting download buttons that want to push a completely different program on me (iLividSetupV1.exe), which might have led Jane Average-User astray... Not handled very cleanly by the website, in my opinion.) So at the moment I cannot provide either of the two text files. Sorry!
Best regards, Susy |
25.09.2012, 17:48 | #4 |
/// Malware-holic | Wrong links in Google search I'll upload the file again later.
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
25.09.2012, 19:02 | #5 |
| Wrong links in Google search Hi! Thanks, I've done that. I had deactivated Avira Guard. ComboFix still displayed a message about it, but could no longer be stopped anyway - even clicking the close x of the message (instead of OK) makes the program continue. So I hope everything went smoothly. Here is the log: Code:
ATTFilter ComboFix 12-09-24.03 - Susy 25.09.2012 19:40:33.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.43.1031.18.8047.6099 [GMT 2:00] ausgeführt von:: d:\_desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\pt c:\windows\SysWow64\pt\DPCrProv.dll.mui c:\windows\SysWow64\pt\DPFPApiUI.dll.mui c:\windows\SysWow64\pt\DPPassFilter.dll.mui . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-25 bis 2012-09-25 )))))))))))))))))))))))))))))) . . 2012-09-25 17:44 . 2012-09-25 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-23 10:10 . 2012-09-23 10:10 -------- d-----w- c:\users\Susy\AppData\Roaming\Malwarebytes 2012-09-23 10:10 . 2012-09-23 10:10 -------- d-----w- c:\programdata\Malwarebytes 2012-09-23 10:10 . 2012-09-23 10:10 -------- d-----w- c:\program files (x86)\Malwarebytes 2012-09-23 10:10 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-10 05:47 . 2012-09-10 05:47 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-08-28 17:35 . 2012-08-28 17:35 -------- d-----w- c:\programdata\McAfee . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-21 16:35 . 2012-04-09 07:51 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 16:35 . 2011-07-06 22:46 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 05:10 . 2012-07-12 05:10 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-12 05:10 . 
2011-07-06 22:48 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "Agile1pAgent"="d:\datenbanken\1Password\Agile1pAgent.exe" [2012-06-20 2206984] "ACPW05DE"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "KCodes UDS Control Center"="c:\program files (x86)\Assmann\USB Device Server\Control Center.exe" [2011-05-30 4910592] . c:\users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ac'tivAid.lnk - c:\program files\activAid\Portable_ac'tivAid.exe [2010-2-17 210671] Dropbox.lnk - c:\users\Susy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360] R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 9096] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-06 1038088] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144] R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1255736] R3 yusbaud64;Yamaha USB Audio Driver;c:\windows\system32\drivers\yusbaud64.sys [2010-04-21 91280] R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-20 89600] R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R4 
DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512] R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-04-21 37392] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 RsvLock;RsvLock; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Agile1Password;1Password;d:\datenbanken\1Password\Agile1pService.exe [2012-06-20 768776] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP 
QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008] S3 AssmannUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\AssmannUDSMBus.sys [x] S3 AssmannUDSTcpBus;AssmannUDSTcpBus;SysWOW64\Drivers\AssmannUDSTcpBus.sys [x] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-06 293552] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008] . . Inhalt des "geplante Tasks" Ordners . 
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 16:35] . 2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531735382-97513462-279433948-1000Core.job - c:\users\Susy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 16:20] . 2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531735382-97513462-279433948-1000UA.job - c:\users\Susy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 16:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1694016] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-20 489472] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 195.3.96.67 213.33.98.136 FF - ProfilePath - c:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\ FF - prefs.js: browser.startup.homepage - about:home FF - user.js: general.useragent.extra.brc - . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-fsm - (no file) Wow6432Node-HKLM-Run-pdfSaver3 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-BMD SYSTEMHAUS - BMD55 - c:\windows\IsUn0407.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.032" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.abr" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.amr" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ani" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.apd" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.arw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.bay" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.bmp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.bw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.caf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.cel" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.cr2" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.crw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.cs1" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.cur" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dcr" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.dcx" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.dib" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.djv" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.djvu" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.dng" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.emf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.eps" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.erf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.fff" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.flc" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.fli" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.fpx" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.gif" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.gsm" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.hdr" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.icl" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.icn" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.iff" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ilbm" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.int" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.inta" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.iw4" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.j2c" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.j2k" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jbr" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.jfif" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.jif" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jp2" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpc" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.jpe" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.jpeg" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.jpg" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpk" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpx" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.kar" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.kdc" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.lbm" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.m15" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.m1a" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.m75" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.mef" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.mos" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.mrw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.nef" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.nrw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.orf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pbm" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pbr" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pcd" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pct" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.pcx" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pef" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pgm" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.pic" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pics" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pict" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pix" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.png" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ppm" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.psd" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.psp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pspbrush" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pspimage" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.qcp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.qtpf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.raf" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ras" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.raw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rgb" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rgba" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.rle" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rsb" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rw2" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rwl" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sfil" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sgi" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.smf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.smi" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.smil" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sml" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sr2" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.srf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.srw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.swa" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.tga" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.thm" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.tif" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.tiff" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ttc" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ttf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ulw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice] @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50po" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice] @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50pp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice] @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50ppf" . 
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.vfw" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.wbm" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.wbmp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.wmf" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xbm" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) "Progid"="ACDSee Pro 5.xif" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xmp" . [HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xpm" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-25 19:46:14 ComboFix-quarantined-files.txt 2012-09-25 17:46 . Vor Suchlauf: 13 Verzeichnis(se), 186.863.939.584 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 186.705.186.816 Bytes frei . - - End Of File - - AD86BDC242EE2107EF993754B68C9748 |
27.09.2012, 16:48 | #6 |
/// Malware-holic | Wrong links in Google search
OK. Download CCleaner Standard: CCleaner Download - CCleaner 3.23.1823. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file. After every program you need, write "necessary". After every program you do not need, write "unnecessary". After every program you do not recognize, write "unknown". Post the list.
27.09.2012, 19:24 | #7 |
| Wrong links in Google search
Here you go - I hope it's not too hard to read. I'm happy to reformat it, too! Code:
ATTFilter
1Password 1.0.9.296 AgileBits 29.06.2012 26,1MB NECESSARY
ACDSee Pro 5 ACD Systems International Inc. 12.07.2012 144MB 5.3.168 NECESSARY
Acrobat.com Adobe Systems Incorporated 06.07.2011 1.2.443 NECESSARY
Adobe AIR Adobe Systems Inc. 06.07.2011 1.1.0.5790 MOST OF THE ADOBE SUITE INSTALLED - NECESSARY
Adobe Anchor Service x64 CS4 10.09.2010
Adobe CMaps x64 CS4 10.09.2010
Adobe Creative Suite 4 Master Collection Adobe Systems Incorporated 06.07.2011 108MB 4.0
Adobe CSI CS4 x64 10.09.2010
Adobe Drive CS4 x64 10.09.2010
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 21.09.2012 6,00MB 11.4.402.278
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.08.2012 6,00MB 11.4.402.265
Adobe Fonts All x64 10.09.2010
Adobe InDesign CS4 Icon Handler x64 10.09.2010
Adobe Linguistics CS4 x64 10.09.2010
Adobe PDF Library Files x64 CS4 10.09.2010
Adobe Photoshop CS4 (64 Bit) 10.09.2010
Adobe Photoshop Lightroom 3.2 64-bit Adobe 11.02.2012 358MB 3.2.1
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 23.02.2012 121MB 10.1.2
Adobe Type Support x64 CS4 10.09.2010
Adobe WinSoft Linguistics Plugin x64 10.09.2010 MOST OF THE ADOBE SUITE INSTALLED - NECESSARY
Apple Application Support Apple Inc. 14.02.2012 61,1MB 2.1.6 NECESSARY
Apple Mobile Device Support Apple Inc. 14.02.2012 24,4MB 4.0.0.97 NECESSARY
Apple Software Update Apple Inc. 08.07.2011 2,38MB 2.1.3.127 NECESSARY
ArcSoft WebCam Companion 3 ArcSoft 02.03.2012 79,5MB 3.0.355 NECESSARY
Ashampoo Burning Studio 6 FREE v.6.80 ashampoo GmbH & Co. KG 28.07.2011 39,3MB 6.8.0 NECESSARY
Audacity 1.3.13 (Unicode) Audacity Team 09.07.2011 40,1MB NECESSARY
AutoHotkey 1.1.00.00 AutoHotkey Community 07.07.2011 1.1.00.00 NECESSARY (for Ac'tivAid)
Avira AntiVir Personal - Free Antivirus Avira GmbH 20.03.2012 74,3MB 10.2.0.707 NECESSARY
Band-in-a-Box 2006 PG Music Inc. 12.08.2011 NECESSARY
BMD SYSTEMHAUS - BMD55 26.05.2012 NECESSARY
Bonjour Apple Inc. 23.10.2011 2,00MB 3.0.0.10 NECESSARY
cam2pc (remove only) 07.07.2011 NECESSARY
Canon iP3600 series Benutzerregistrierung 09.06.2012 NECESSARY
Canon iP3600 series Printer Driver 09.06.2012 NECESSARY
Canon Utilities Easy-PhotoPrint EX 09.06.2012 NECESSARY
CCleaner Piriform 22.08.2012 3.22 NECESSARY
Client BMD Systemhaus GesmbH 11.07.2011 5.50.000 NECESSARY
Columbus Tree Mod 1.0 deutsch CycleDogg 31.07.2011 1.0 deutsch UNNECESSARY (belongs to SimCity)
D-PEN Sonix 02.03.2012 5.7.26000.0 UNNECESSARY
DAEMON Tools Lite DT Soft Ltd 12.07.2011 4.40.2.0131 NECESSARY
DateiCommander13 Christian Lütgens 06.04.2012 94,0MB UNNECESSARY
Daub Ages! 1.53 17.08.2011 UNNECESSARY
dBpoweramp Music Converter Illustrate 09.09.2011 163MB Release 14.2 NECESSARY
doPDF 6.3 printer Softland 16.01.2012 NECESSARY
Drive Encryption for HP ProtectTools Hewlett-Packard 20.03.2012 67,9MB 5.0.6.0 NECESSARY (notebook software)
Dropbox Dropbox, Inc. 15.06.2012 1.4.7 NECESSARY
EASEUS Partition Master 4.1.1 Professional EASEUS 22.07.2011 UNNECESSARY
Energy Star Digital Logo Hewlett-Packard 19.05.2011 300KB 1.0.1 UNNECESSARY? Notebook software?
Evernote v. 4.5 Evernote Corp. 20.08.2011 149MB 4.5.0.5229 UNNECESSARY
FILEminimizer Pictures balesio AG 08.07.2011 NECESSARY
Google Chrome Google Inc. 09.03.2012 17.0.963.78 NECESSARY
HP 3D DriveGuard Hewlett-Packard Company 04.02.2012 6,99MB 4.1.10.1 NECESSARY (everything HP = notebook software)
HP Business Card Reader Hewlett-Packard 19.05.2011 62,2MB 0.6.3.0
HP Documentation Hewlett-Packard 10.09.2010 0,97GB 1.1.0.0
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 08.07.2011 16,7MB 1.1.13.2
HP Integrated Module with Bluetooth wireless technology Broadcom Corporation 19.05.2011 144MB 6.2.1.500
HP Power Assistant Hewlett-Packard 10.09.2010 7,71MB 1.0.2.4
HP Power Data Hewlett-Packard 10.09.2010 1,22MB 1.0.11.114
HP Product Detection HP 07.04.2012 1,86MB 11.14.0001
HP ProtectTools Security Manager Hewlett-Packard 11.09.2010 88,6MB 5.03.635
HP Quick Launch Buttons Hewlett-Packard Company 04.02.2012 6.50.17.1
HP QuickLook Hewlett-Packard Company 06.07.2011 92,6MB 3.3.1.4
HP QuickWeb DeviceVM, Inc. 19.05.2011 353MB 1.0.1.48
HP Setup Hewlett-Packard 10.09.2010 1.2.3557.3169
HP SoftPaq Download Manager Hewlett-Packard Company 10.09.2010 14,7MB 3.0.5.0
HP Software Framework Hewlett-Packard Company 04.02.2012 4,74MB 4.1.13.1
HP Software Setup Hewlett-Packard Company 10.09.2010 11,6MB 7.0.1.5
HP Support Assistant Hewlett-Packard Company 04.02.2012 75,7MB 6.1.12.1
HP Wallpaper Hewlett-Packard Company 10.09.2010 72,4MB 1.0.1.3
HP Webcam Roxio 08.07.2011 9,76MB 1.0.26.3
HP Webcam Driver Sonix 04.02.2012 5.8.50009.6
HP Wireless Assistant Hewlett-Packard 20.03.2012 5,60MB 4.0.10.0 NECESSARY (everything HP = notebook software)
IDT Audio IDT 20.03.2012 1.0.6300.0 NECESSARY
Intel(R) Management Engine Components Intel Corporation 10.09.2010 6.0.0.1179 NECESSARY
Intel(R) Network Connections Drivers Intel 20.05.2011 14.8 NECESSARY
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed Intel Corporation 07.04.2012 5,87MB 14.2.0.0216 NECESSARY
Intel(R) Turbo Boost Technology Driver Intel Corporation 10.09.2010 01.00.01.1002 NECESSARY
Intel® Matrix Storage Manager Intel Corporation 20.05.2011 NECESSARY
iTunes Apple Inc. 14.02.2012 170MB 10.5.3.3 NECESSARY
IZArc 4.1 Ivan Zahariev 18.07.2011 12,4MB 4.1 NECESSARY
Java(TM) 6 Update 33 Oracle 12.07.2012 95,6MB 6.0.330 NECESSARY
LAME v3.98.3 for Audacity 09.08.2011 1,16MB NECESSARY
LSI HDA Modem LSI Corporation 20.05.2011 16,0KB 2.2.97 NECESSARY (audio driver)
MailWasher Pro FireTrust Limited 08.07.2011 NECESSARY
Malwarebytes Anti-Malware Version 1.65.0.1400 Malwarebytes Corporation 23.09.2012 19,3MB 1.65.0.1400 hopefully never NECESSARY again
MediaMonkey 4.0 Ventis Media Inc. 03.07.2012 51,2MB 4.0 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.02.2012 38,8MB 4.0.30319 NECESSARY (for Ac'tivAid)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.02.2012 2,93MB 4.0.30319 NECESSARY (for Ac'tivAid)
Microsoft Office Standard Edition 2003 Microsoft Corporation 09.07.2011 194MB 11.0.5614.0 NECESSARY
Microsoft Silverlight Microsoft Corporation 09.04.2012 50,5MB 5.0.61118.0 NECESSARY
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.07.2011 562KB 8.0.50727.42 UNKNOWN
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10.09.2010 708KB 8.0.56336 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.09.2010 788KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.01.2012 788KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.09.2010 596KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.01.2012 596KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.04.2012 11,1MB 10.0.40219 UNKNOWN
MindManager X5 Pro Mindjet LLC 22.01.2012 47,2MB 5.2.344 UNNECESSARY
MobileMe Control Panel Apple Inc. 24.08.2011 11,9MB 3.1.6.0 NECESSARY
Mozilla Firefox 15.0.1 (x86 de) Mozilla 10.09.2012 38,4MB 15.0.1 NECESSARY
Mozilla Maintenance Service Mozilla 10.09.2012 327KB 15.0.1 NECESSARY?
Mozilla Thunderbird (3.1.20) Mozilla 09.04.2012 3.1.20 (de) NECESSARY
Mp3tag v2.49 Florian Heidenreich 08.07.2011 v2.49 NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.02.2012 1,27MB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.02.2012 1,33MB 4.20.9876.0 UNKNOWN
Multifunction Network Server Ihr Firmenname 03.08.2012 6,43MB 1.92 NECESSARY (NAS)
NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 10.09.2010 993KB 1.0.18.0 NECESSARY
No23 Recorder No23 09.09.2011 2,44MB 2.1.0.3 NECESSARY
Noise Ninja 2 (Standalone Version) PictureCode LLC 05.11.2011 NECESSARY
NVIDIA 3D Vision Treiber 295.73 NVIDIA Corporation 23.02.2012 295.73 NECESSARY
NVIDIA Display Control Panel NVIDIA Corporation 16.02.2012 6.14.12.6128 NECESSARY
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 23.02.2012 295.73 NECESSARY
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 23.02.2012 1.3.12.0 NECESSARY
NVIDIA nView 136.18 NVIDIA Corporation 23.02.2012 136.18 NECESSARY
NVIDIA PhysX-Systemsoftware 9.12.0209 NVIDIA Corporation 23.02.2012 9.12.0209 NECESSARY
OKI Network Extension Okidata 15.05.2012 1.00.000 NECESSARY (printer)
OpenOffice.org 3.3 OpenOffice.org 18.01.2012 301MB 3.3.9567 NECESSARY
PanoramaStudio 1.3 (deinstallieren) 31.12.2011 NECESSARY
Paragon Drive Backup™ 9.5 Professional Edition Paragon Software 21.07.2011 140MB 90.00.0003 UNNECESSARY
PDF-XChange 3.0 Tracker Software 22.01.2012 UNNECESSARY
PG Music DirectX Plugins 1.3.4.1 PG Music Inc. 12.08.2011 NECESSARY (BandInABox)
Photoshop Camera Raw_x64 10.09.2010 NECESSARY
PhotoSync touchbyte GmbH 07.05.2012 3,56MB 1.5.3 NECESSARY
PixGEN v.2.8.1 Pixopolis KG 12.11.2011 182MB NECESSARY
PSPad editor Jan Fiala 20.07.2011 NECESSARY
QuickTime Apple Inc. 14.02.2012 73,2MB 7.71.80.42 NECESSARY
Rainlendar2 (remove only) 20.07.2011 NECESSARY
Revo Uninstaller Pro 2.5.3 VS Revo Group, Ltd. 06.07.2011 34,9MB 2.5.3 NECESSARY
RICOH Media Driver RICOH 10.09.2010 2.13.00.05 NECESSARY (printer)
Shape Collage Shape Collage Inc. 14.04.2012 NECESSARY
SimCity 4 Deluxe 28.07.2011 UNNECESSARY
Skype™ 5.5 Skype Technologies S.A. 16.10.2011 17,0MB 5.5.124 NECESSARY
Snagit 9.1.3 TechSmith Corporation 12.07.2011 59,8MB 9.1.3.16 NECESSARY
Software Informer 1.0 BETA Informer Technologies, Inc. 08.07.2011 UNNECESSARY
Synaptics Pointing Device Driver Synaptics Incorporated 11.09.2010 15.0.10.0 NECESSARY
Theft Recovery Hewlett-Packard 20.03.2012 0,99MB 5.1.0.21 NECESSARY
Total Commander (Remove or Repair) Ghisler Software GmbH 22.07.2011 7.56a NECESSARY
Validity Fingerprint Driver Validity Sensors, Inc. 20.03.2012 14,8MB 4.0.15.0 NECESSARY
Windows 7 Default Setting Hewlett-Packard Company 10.09.2010 32,0KB 1.0.1.5 presumably NECESSARY
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) Broadcom 20.05.2011 06/15/2009 6.2.0.9000 NECESSARY
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Broadcom 20.05.2011 07/30/2009 6.2.0.9405 NECESSARY
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 20.05.2011 07/28/2009 6.2.0.9800 UNKNOWN (Bluetooth?)
Windows Live ID Sign-in Assistant Microsoft Corporation 10.09.2010 10,0MB 6.500.3165.0 UNNECESSARY
Yamaha USB Audio Driver Yamaha Corporation 19.12.2011 632KB 1.1.2 NECESSARY
µTorrent 20.09.2011 3.0.0 UNNECESSARY |
01.10.2012, 19:02 | #8 |
/// Malware-holic | Wrong links in Google search

Uninstall: Adobe Flash Player (all of them). Adobe - Install Adobe Flash Player: download the latest version. Adobe Reader: Adobe - Download Adobe Reader - All versions. Remove the check mark for McAfee Security Scan.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "use only certified add-on modules". Internet: everything should be disabled here; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is going on on the PC. Under JavaScript, remove the check mark for using JavaScript. Under Updater, choose install automatically. Apply / OK.

Uninstall: D-PEN, DateiCommander13, Daub, EASEUS, Evernote, Java. Download the free Java software: download the Java JRE and install it.

Uninstall: MindManager. Mozilla Thunderbird: open it, Help, Update, install version 15. Paragon, SimCity, Software Informer, Windows Live, µTorrent.

Open OTL, click clean up, the PC restarts. Open CCleaner, start Analyze, restart the PC.

If it runs as desired (no redirects, for example), then secure it: as an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs something. http://www.trojaner-board.de/103809-...i-malware.html Trial version: My antivirus recommendation: Emsisoft Anti-Malware. Especially if you do online banking, purchases, other payment processing or similarly important things, such as work-related matters, i.e. sensitive data needs to be protected, you should invest in security software. Before activating the license, make use of the 30-day trial period. Free, but simply not quite as good, Avast would be the recommendation. http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I will give you configuration tips.
Please uninstall your previous AV. The following guide is extensive, I am aware of that, but it should be carried out, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html

Please start with the passage "Windows Vista and Windows 7". Please begin by installing Windows updates. The best way to do this is to go to Start, Search, and type Windows Updates there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please check all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install important updates first. It will be necessary to restart the PC in between. If this is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones. Please do the same with the optional updates. Please adopt the rest as it reads in the Windows 7 / Vista section. From the XP section, please adopt the item "Data Execution Prevention, DEP".

As a browser I recommend Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help. Please read the instructions. If you want to use a different one, tell me, then I have to ... parts of the instructions that now follow

Sandboxie
The definition of a sandbox can be read here: Sandbox. In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link: Sandboxie Download - Sandboxie 3.74. Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as PDF, work through it as well: Sandbox settings |

Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click Sandbox Settings. Restrictions: under program start and internet access enter: chrome.exe. Then go to Applications, Web Browser, Chrome. There enable everything except sharing the entire profile folder.

As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed web browser" or right-click, start in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.

Continue with: measures for ALL Windows versions. Work through everything completely. Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts

Backup program: a backup program is already linked in my guide; as an alternative, the backup program built into Windows is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately, this is only reasonably usable for Windows 7 users. Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk breaks one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords. Please also read how to make programs visible for everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe. So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser, it should be framed; then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords: Password manager, form filler, password management | RoboForm password manager. Guide: RoboForm user manual: password manager, managing passwords and personal data
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding guide: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the guide above. If you would like to support us |
02.10.2012, 14:46 | #9 | |
| Wrong links in Google search Thank you for taking so much time! I still have a few questions: 1. What exactly had I caught there in the first place, and where/how does one catch something like that? 2. Do I have to consider my passwords as known? 3. What happens to the OTL "MovedFiles" folder? 4. I don't quite understand this: Quote:
I use 1Password for password management. Is there anything wrong with that? Thanks + kind regards! |
04.10.2012, 20:42 | #10 |
/// Malware-holic | Wrong links in Google search Hi. 1. MovedFiles is deleted as soon as you have clicked clean up in OTL. 2. You had a trojan that displays advertisements; its owners want to make money with that. 4. I mean that every site needs a separate password. I don't know whether the tool you use has a password generator, because that makes it easier for you to create secure passwords.
09.10.2012, 13:20 | #11 |
| Wrong links in Google search Hey Markus, unfortunately I have had massive difficulties since the cleanup with OTL. At restart I saw a bluescreen for 10ms (it apparently had something to do with "error with an attached device", I saw it twice; but the only thing attached at that time was a mouse). After that, nothing but chaos. A system restore was necessary, since without it W7 would no longer start; but afterwards my user profile was dead, I could no longer get in and was constantly logged on only with a temporary profile... Many hours later I finally had my profile back to some extent and set everything up again (data for mail accounts etc., custom toolbars, workspaces in programs, all of it was gone). I then once more uninstalled everything not needed, then ran Windows updates. At one of the next restarts after the updates, however, logging in was again impossible: "Die Anmeldung des Gruppenrichtlinienclient ist fehlgeschlagen". My guess is that the latter problem has something to do with the Windows updates in combination with the junction I set up from C:\users to D:\users, although I had no error message at all during the updates. But maybe that is nonsense. Since then I have spent many hours brooding and trying things; at the moment it works more or less, but not particularly reliably or fast. Printers, for example, currently cannot be reached via the NAS. Thanks for your help so far, but I will probably reinstall my computer soon. Kind regards, Susy |
17.10.2012, 16:12 | #12 |
/// Malware-holic | Wrong links in Google search Sorry for the wait, health problems. OK, then we will reinstall: 1. Data rescue:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with Chip Card Reader + Star Money.
14.11.2012, 10:53 | #13 |
| Wrong links in Google search Thanks, Markus, at the moment everything is running. I treated myself to Emsisoft and installed it; I may reinstall sometime soon, when there is vacation and time. Thanks for your help so far! Best regards, Susy |
14.11.2012, 13:44 | #14 |
/// Malware-holic | Wrong links in Google search Hi. Open Emsisoft, click Settings.

Scheduled scan: choose "start at"; I personally have monthly, but you can also set weekly. Choose the time and, for monthly, the date as well. Invisible, if you do not want to see the scan window. And catch up on missed scans.

Auto update: interval daily, hourly from 00.00 to 23.59, which means updates every hour. Setting: update, take part in the Anti-Malware Network. Do not set the other two check marks, beta updates and additional languages. The rest stays.

Now click Guard, and there Guard again. Enable behavior analysis, select everything. Now go to Alerts: enable community-based alert reduction there. That, among other things, is what the Anti-Malware Network is for. The community-based alert reduction concerns the behavior analysis. For some programs Emsisoft issues messages because the behavior of the program makes this necessary. Since some users are not familiar with this, which is no shame :-), it checks here how many users have allowed or blocked program X. Here we currently have 90% set, so if 90% say the program is OK, an allow rule is created; if they say program X is malicious, it is blocked automatically. If you trust yourself to do this alone, you do not have to set the check mark. If, for example, only 70% of all users say program X is good or malicious, this is shown to you in a chart.

Now to File Guard: default action for detected objects, alert. Surf Protection: set everything here to block with notification. If there is a site that is blocked by mistake, you can allow it directly via the popup that appears when it is blocked, or via host rules. If you do not like these info popups, you have to set everything to block silently, but remember to check, when you have a site that does not load, whether Emsi has blocked it. That's it, I hope it was understandable.