|
Plagegeister aller Art und deren Bekämpfung: Searchcore erscheint immer wenn Firefox beendet wird.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.01.2013, 23:44 | #1 |
| Searchcore erscheint immer wenn Firefox beendet wird. Hallo. Ich habe das Problem, wenn ich Firefox beende, sich immer SEARCHCORE meldet um Einstellungen vorzunehmen. Es erschein dann immer in der rechten unteren Ecke ein Fenster wenn ich den Browser beende. Wenn ich Firefox starte, ist bisher alles normal. Die Startseite hat sich nicht geändert. Ich hatte schon einmal Probleme mit Searchcore. Dabei war meine Startseite die von Searchcore. Ich habe damals meine externe Systemsicherung einfach neu aufgespielt und das Problem war behoben.....ODER DOCH NICHT? Ich habe nun einmal Malwarebytes im Quickscann durchlaufen lassen = Ergebnis OHNE Fund. (siehe Scan-Bericht 1) Im zweiten Schritt habe ich zur Sicherheit noch einen Vollscann machen lassen = Ergebnis (siehe Scan-Bericht 2) Ich bin mir nun nicht sicher, ob ich wirklich von Searchcore befallen bin oder nicht! MfG Matthias Mein Betriebs-System ist WIN7 Home Premium 64bit ServisPack 1 HARDWARE: Acer Aspire 5740G Scan-Bericht 1: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.05.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 [Administrator] 05.01.2013 20:02:28 mbam-log-2013-01-05 (20-02-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215396 Laufzeit: 6 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Scan-Bericht 2: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.05.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 [Administrator] 05.01.2013 20:11:45 mbam-log-2013-01-05 (20-11-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519951 Laufzeit: 3 Stunde(n), 25 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
06.01.2013, 03:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Searchcore erscheint immer wenn Firefox beendet wird. Hallo und
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
06.01.2013, 14:12 | #3 |
| Searchcore erscheint immer wenn Firefox beendet wird. Hallo. Und danke für die schnelle Antwort.
__________________So, das hat nun OTL augespuckt. OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.01.2013 13:40:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BigMatze001\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,80% Memory free 7,73 Gb Paging File | 5,39 Gb Available in Paging File | 69,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 40,51 Gb Free Space | 14,20% Space Free | Partition Type: NTFS Computer Name: SNOWBALL | User Name: BigMatze001 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\BigMatze001\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Browser-Anonymisierer\BrowserMaulkorb.exe (Alexander Miehlke Softwareentwicklung) PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe () PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\PC-TV\WinManager\WinManager.exe () PRC - C:\Program Files (x86)\PC-TV\WinManager\IR_SERVER.exe (Realtek) PRC - C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe (Intuwave Ltd.) PRC - C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Users\BigMatze001\AppData\Roaming\Mozilla\Firefox\Profiles\qwe6er94.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwcaps.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwscw.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwDRS.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwcnv4.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\App4R.Monitor.Core.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\App4R.Monitor.Common.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwdatr.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll () MOD - C:\Program Files (x86)\Browser-Anonymisierer\sqlite3.dll () MOD - C:\Program Files (x86)\PC-TV\WinManager\WinManager.exe () MOD - C:\Program Files (x86)\PC-TV\WinManager\thdise.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( ) SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (lxdwCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe () SRV - (lxdw_device) -- C:\Windows\SysWOW64\lxdwcoms.exe ( ) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (zebrbus) -- C:\Windows\SysNative\drivers\zebrbus.sys (MCCI) DRV:64bit: - (zebrceb) -- C:\Windows\SysNative\drivers\zebrceb.sys (MCCI) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RELOOP_DJ2ME) -- C:\Windows\SysNative\drivers\rldj2meu.sys (Ploytec GmbH) DRV:64bit: - (RELOOP_DJ2ME_MIDI) -- C:\Windows\SysNative\drivers\rldj2mem.sys (Ploytec GmbH) DRV:64bit: - (RELOOP_DJ2ME_WDM) -- C:\Windows\SysNative\drivers\rldj2mea.sys (Ploytec GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (RTL2831UBDA) -- C:\Windows\SysNative\drivers\RTL2831UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV:64bit: - (RTL2831UUSB) -- C:\Windows\SysNative\drivers\RTL2831UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360511l526l03e8z145t5951d64q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360511l526l03e8z145t5951d64q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360511l526l03e8z145t5951d64q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360511l526l03e8z145t5951d64q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5740&r=27360511l526l03e8z145t5951d64q IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://homepage.acer.com/rdr.aspx? [Binary data over 200 bytes] IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/413 IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search" FF - prefs.js..browser.search.order.1: "Searchqu Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.0.9 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.45 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=413&sr=0&q=" FF - prefs.js..network.proxy.ftp: "213.168.178.194" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "213.168.178.194" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "213.168.178.194" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "213.168.178.194" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.25 16:30:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.25 16:30:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.25 16:30:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.25 16:30:49 | 000,000,000 | ---D | M] [2011.11.13 18:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Extensions [2012.12.05 08:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Firefox\Profiles\qwe6er94.default\extensions [2012.10.03 17:49:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Firefox\Profiles\qwe6er94.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.22 13:09:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Firefox\Profiles\qwe6er94.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.07 20:06:12 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Firefox\Profiles\qwe6er94.default\extensions\bhcwyvgz.nfp [2012.06.20 18:20:11 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\Firefox\Profiles\qwe6er94.default\extensions\support@lastpass.com [2012.11.16 16:07:44 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.12.03 12:41:18 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\smarterwiki@wikiatic.com.xpi [2012.10.22 18:10:33 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\stealthyextension@gmail.com.xpi [2012.11.16 16:57:21 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\toolbar@gmx.net.xpi [2012.11.24 09:10:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.23 05:14:41 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.05 08:36:31 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2011.10.31 10:45:27 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.12.03 12:41:18 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2011.06.05 20:38:58 | 000,002,326 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\amazonde-search.xml [2011.05.27 22:07:27 | 000,001,581 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\boersebz.xml [2012.10.01 10:15:52 | 000,005,998 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\discogs.xml [2011.05.27 22:08:34 | 000,000,930 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\filestubecom.xml [2011.05.26 12:59:52 | 000,001,976 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\rapidshare-google-arama.xml [2011.05.27 22:06:27 | 000,004,140 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\mozilla\firefox\profiles\qwe6er94.default\searchplugins\youtube.xml [2012.12.25 16:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.25 16:30:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.25 16:30:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.25 16:30:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.25 16:30:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.29 14:15:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.29 14:15:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.29 14:15:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.27 07:42:46 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.09.29 14:15:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.13 18:01:28 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2012.09.29 14:15:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.29 14:15:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.24 22:31:06 | 000,000,907 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 practivate.adobe.com O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe () O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PC Suite for Smartphones] C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1829339460-3175166159-2654976043-1001..\Run: [mRouterConfig] C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\BigMatze001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser-Anonymisierer.lnk = C:\Program Files (x86)\Browser-Anonymisierer\BrowserMaulkorb.exe (Alexander Miehlke Softwareentwicklung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F731B6C2-54D0-4498-801B-927890DD0DB5}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.05 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\Desktop\Bilder [2013.01.05 20:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.05 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\AppData\Local\Programs [2012.12.27 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\Desktop\Daten [2012.12.26 13:47:49 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\Desktop\Reloop [2012.12.25 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.24 12:34:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.24 12:34:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.24 12:34:20 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.24 12:34:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.22 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\Desktop\Music [2012.12.14 09:47:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.14 09:47:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.14 09:47:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.14 09:47:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.14 09:47:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.14 09:47:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.14 09:47:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.14 09:47:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.14 09:46:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.14 09:46:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.14 09:46:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.14 09:46:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.14 09:46:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.14 09:46:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.14 09:46:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.13 10:50:41 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.13 10:50:41 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.13 10:50:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.13 10:50:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.13 10:50:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.13 10:50:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.13 10:50:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.13 10:50:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.13 10:50:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.13 10:50:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.13 10:50:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.13 10:50:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.13 10:50:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 10:50:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 10:50:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 10:50:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.13 10:50:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.13 10:50:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 10:50:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.13 10:50:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 10:50:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 10:50:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 10:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 10:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 10:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 10:50:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 10:50:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.13 10:50:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 10:50:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 10:50:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 10:50:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 10:50:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 10:50:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.13 10:50:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.13 10:50:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.13 10:50:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.13 10:50:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.13 10:50:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.09 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\BigMatze001\Desktop\Paul Kalkbrenner - Guten Tag (Limited Deluxe Edition) [2011.05.26 15:03:44 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\WinRAR.exe [2011.05.26 15:03:44 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\UnRAR.exe [2011.05.26 15:03:44 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt.dll [2011.05.26 15:03:44 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt32.dll [2011.05.26 15:03:43 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\Rar.exe [2011.05.26 15:03:43 | 000,135,168 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\Uninstall.exe [2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [41 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [41 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.06 13:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.06 13:19:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.06 10:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 21:40:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.05 21:40:50 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.05 21:40:50 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.05 21:40:50 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.05 21:40:50 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.05 21:19:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.05 20:31:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 20:31:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.04 15:06:24 | 000,002,021 | ---- | M] () -- C:\Users\BigMatze001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browser-Anonymisierer.lnk [2013.01.04 15:05:05 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.12.31 23:09:44 | 004,072,860 | ---- | M] () -- C:\Users\BigMatze001\Desktop\Fritz - Thüringer Klöße (Das Original).mp3 [2012.12.31 18:27:28 | 009,309,908 | ---- | M] () -- C:\Users\BigMatze001\Desktop\AJ. Kriss ft. Sonny Boy W. - I_m Trying to Make London My Ne.flv [2012.12.24 16:53:59 | 004,988,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.14 10:19:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.14 10:19:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.12 13:17:01 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.12 13:17:01 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.12 13:15:04 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll [41 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [41 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.31 23:05:30 | 004,072,860 | ---- | C] () -- C:\Users\BigMatze001\Desktop\Fritz - Thüringer Klöße (Das Original).mp3 [2012.12.31 18:23:13 | 009,309,908 | ---- | C] () -- C:\Users\BigMatze001\Desktop\AJ. Kriss ft. Sonny Boy W. - I_m Trying to Make London My Ne.flv [2012.09.16 12:54:13 | 000,007,605 | ---- | C] () -- C:\Users\BigMatze001\AppData\Local\Resmon.ResmonCfg [2012.03.17 17:17:34 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.28 20:14:20 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini [2011.12.30 15:25:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.05.29 10:26:02 | 000,000,000 | ---- | C] () -- C:\Users\BigMatze001\AppData\Roaming\wklnhst.dat [2011.05.26 20:21:38 | 000,001,751 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2011.05.26 16:43:20 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll [2011.05.26 16:43:20 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll [2011.05.26 16:43:20 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll [2011.05.26 16:42:06 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll [2011.05.26 16:42:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll [2011.05.26 16:42:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll [2011.05.26 16:42:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll [2011.05.26 16:42:05 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll [2011.05.26 16:42:05 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll [2011.05.26 16:42:05 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll [2011.05.26 16:42:04 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll [2011.05.26 16:42:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll [2011.05.26 16:42:04 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcoms.exe [2011.05.26 16:42:04 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll [2011.05.26 16:42:04 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll [2011.05.26 16:42:04 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcfg.exe [2011.05.26 16:42:04 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwih.exe [2011.05.26 15:03:55 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat [2011.05.26 15:03:55 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat [2011.05.26 15:03:46 | 000,279,458 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm [2011.05.26 15:03:46 | 000,101,888 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX [2011.05.26 15:03:45 | 000,132,096 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX [2011.05.26 15:03:45 | 000,101,376 | ---- | C] () -- C:\Program Files (x86)\Default.SFX [2011.05.26 15:03:45 | 000,098,304 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX [2011.05.26 15:03:45 | 000,081,920 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX [2011.05.26 15:03:45 | 000,075,264 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX [2011.05.26 15:03:43 | 000,003,266 | ---- | C] () -- C:\Program Files (x86)\Order.htm [2011.05.26 15:03:43 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst [2011.05.26 15:03:43 | 000,001,016 | ---- | C] () -- C:\Program Files (x86)\Descript.ion [2011.05.26 15:03:43 | 000,000,686 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst [2011.05.26 15:03:43 | 000,000,487 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz [2011.05.26 12:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.26 11:30:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.05.26 11:30:27 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini [2011.05.26 11:30:26 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.05.26 11:11:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.01.2013 13:40:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BigMatze001\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,80% Memory free 7,73 Gb Paging File | 5,39 Gb Available in Paging File | 69,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 40,51 Gb Free Space | 14,20% Space Free | Partition Type: NTFS Computer Name: SNOWBALL | User Name: BigMatze001 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1829339460-3175166159-2654976043-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [OverDisk] -- "C:\Program Files (x86)\OverDisk\OverDisk.exe" "%1" (Elias Fotinis) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [OverDisk] -- "C:\Program Files (x86)\OverDisk\OverDisk.exe" "%1" (Elias Fotinis) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13A6E51C-3660-40DD-8918-B8DBABC40C33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E014EB5-9ABF-4990-8AC8-19DD1849DDAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1E9312BA-81AC-43B7-A0AD-D57B5F9EB9D2}" = lport=138 | protocol=17 | dir=in | app=system | "{22F5A188-2DE8-4A17-84C5-0268022FDA1E}" = rport=139 | protocol=6 | dir=out | app=system | "{308BF4BD-1A89-4B4C-B55A-80526E237EE0}" = lport=2869 | protocol=6 | dir=in | app=system | "{35024B5F-6214-4312-A630-4B89D64E1BE0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35B3A9E9-FA70-45CC-A18E-8C1FEF1FBB9E}" = lport=2869 | protocol=6 | dir=in | app=system | "{48EE118F-20D5-43E8-850C-D00BFC7DEEDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{4D72F11C-25F1-4DC4-BF70-E674286E1865}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50C2087B-9920-4193-A1BE-C69B968619E4}" = rport=445 | protocol=6 | dir=out | app=system | "{58CE21E3-5515-4811-B0AE-47E0AF04D7DE}" = lport=137 | protocol=17 | dir=in | app=system | "{6A0B858E-9C71-4BDD-A707-C2B98E593929}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{750C7A98-8F4C-4EFC-9802-71586EFB7D1F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{847FEA90-84B1-46D9-8FE4-B09649061A7C}" = lport=445 | protocol=6 | dir=in | app=system | "{8F35D3E3-507A-4F76-B436-0BC0C0D7AC22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{91156408-7F24-467A-8EBD-F633F456624B}" = lport=139 | protocol=6 | dir=in | app=system | "{962E60CF-800C-4C1D-BF86-C5D033912142}" = lport=10243 | protocol=6 | dir=in | app=system | "{B3C7740A-DD2F-4106-BDDE-0F764AE6348C}" = rport=138 | protocol=17 | dir=out | app=system | "{B9C13965-763B-41C2-B0E0-F56A89400B1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D8F5EDBC-863B-4E4D-AEF3-12E680E6EAF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DBF05DB8-D8B7-473B-9B5A-674CAB44BF77}" = rport=10243 | protocol=6 | dir=out | app=system | "{E5930B55-7A3D-4CA8-BB76-A30EAF8BEA83}" = rport=137 | protocol=17 | dir=out | app=system | "{F286C38E-CCE1-4A69-9A08-2B8D33CBD7B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F54704DA-0148-4CBD-AB5A-481431958F5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02410DE6-6E55-4930-A894-162003C2912D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{06ACBD17-CB84-4D74-B715-73B42B434132}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A88B08E-85C4-4796-8CCF-26A4209D4CFB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{100F843E-551D-49B3-9F62-385E0A977F69}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{12F8468C-108D-44E6-AFF5-ACC3D1BFE0A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{13D7228B-4E02-4EC5-A414-A68A07C5757D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{17C0E3C6-ADBB-4C8C-ACB0-672E7887803B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{19F30073-13ED-439C-8F80-000F46701A91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1B63B1C2-9757-4D8D-9CD1-B68F05F74C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | "{1C557EA3-1598-4446-A37A-E8227466E821}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1CFC3937-BE61-4BA1-8992-5801E3FB5F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{227C8BC3-C8E0-40A7-B592-BCE307D389C2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{2534DDBE-2043-4AB1-8D74-1FBFBA794D98}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwtime.exe | "{27DD8BF1-A6CB-4FAA-B7B0-98CDF7BC997E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{291A1845-32D9-4173-A593-A3F66ED538F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2EEDA0AA-F0AD-4BC8-870E-D5C4ACC0B1B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2F9CA84D-6FD3-4884-A227-619BB39FB55C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{369DC258-3D8E-4A9C-BEAF-1764293ECCA7}" = dir=in | app=c:\windows\system32\lxdwcoms.exe | "{38421961-BE37-4837-9B73-1B16F9F78092}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{3DF24D42-941B-4E7C-85ED-4EECB92A9F11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{496E3A5F-E08B-45F3-B192-BD0D555CC01D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{515D4FCC-2D0F-4303-BDD2-5326B9CD322B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{632F0BE1-8234-4C2E-BB34-76BD0C7AC6A8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{6737C922-123E-4AF0-8F25-DFB488EC8ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | "{7547687C-4451-421B-90C1-F05BACA0A480}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{77A59DEF-B4BE-47F5-8956-6DF31EA6D45E}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{78A4EEAC-1D2F-4898-9DB0-64498C96C394}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{80D17EED-C1B0-4716-A253-560115589AC0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{81CA401D-6354-40AA-B8BA-BBFF4F000F05}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{83DF2EEF-EAE0-44AF-9318-F3D2AEBF0126}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{86C02E97-11FB-4D7C-A10E-3838FF51AB21}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{88421BA8-6701-452C-A93E-5A1AB2767867}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{897315D1-D46C-42C9-B7FC-31C3A48FC4AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8B0083B7-05FC-4B89-9BCC-8A83260FD71C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8FF0E9A3-EF58-4BC4-AE44-497D201CEB96}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{9A607D5F-2396-4CF5-8980-331DB9854CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | "{A23B62BD-A60F-40F7-B187-713ABA20B8BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A3FAF4F8-65C4-4605-AC48-2A88464C0825}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A8D090AC-9413-44A7-BA1C-6508D6D06B0C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{AD32CDDF-D29A-4E86-8AE0-C8CCEB2F5C6C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | "{AD8BCDFA-FF6A-40D4-8CF5-0D1C25C1F76C}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{B43EB935-6C5C-47A2-8E7D-0F78DE2C1792}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BAC55FA5-4DAC-4F38-AC9F-5A036D9E4C19}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BBE088CC-AD44-4F83-B578-E9C541E3D95E}" = protocol=6 | dir=out | app=system | "{BEE45565-72F8-4EF7-9FCE-E41A23AA910E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{C1E98DE4-7695-4EC2-B35A-B9E160C3E8C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C4DE338B-84E0-468A-B6AB-541549A1A2E2}" = dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{C54BD5F1-F4FC-4781-AF57-EEBC95E8F920}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{C7D6317C-6A9E-4AEA-8B77-9C8D682A9DCA}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{C9B480AB-68F0-43CA-8DEA-C1040844DA94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D8D0F573-A397-41F2-8FAA-2CD80894F829}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | "{DE21E5CD-110E-4BAF-903E-E042B9E4A83A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E888D6BA-A107-4B33-8818-56A1E38B0DB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB422331-0BA6-4F37-B0F3-8B63734FCA83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1900E14-DBB1-45B5-9225-CFB2C6C23C17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F68E0157-D74D-425C-87BC-F9407530094D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F78AF186-6557-43D2-ACC9-D130F9F84957}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{FA4471B6-A4B1-420D-9CCF-6D67F68A4419}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{FD51652A-CACF-41CC-A8CD-BB3A5EB600CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF970380-51BE-40D0-9CFE-0AFA013859B1}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | "{FF9F9119-FBB2-40A4-B77A-190472DB834B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{2F2D5737-4961-4F53-8D2C-2DC6B01BC846}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{676AA4CF-124B-471F-A268-C43DC356E7E2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{8FD3024F-7749-4FD6-9891-6BC5D18E9B37}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe | "TCP Query User{E736053F-B9BA-41B2-8D26-408D098D0F76}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{2DD48C1B-4D94-4F91-8AA2-7D80FAB74701}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{CEB3BD51-A0B4-4A3F-B889-F3F2E28BBA4A}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{D3A13B17-CF08-428C-9AD3-4137AC8BE810}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe | "UDP Query User{E22EE646-DADB-4E2F-8A35-4FFA2CF2608A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7F5DD17B-35CB-B9FC-4EF0-71240AEB08D5}" = ATI Catalyst Install Manager "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8B963746-228D-35B2-BAFC-EFB79B4DF053}" = ccc-utility64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D611B241-28A0-4937-AF86-17565CAF9807}" = PC Suite for Sony Ericsson x64 "{E4E8CCFD-621C-E05A-47FB-AB96E4F5CB50}" = ATI AVIVO64 Codecs "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark 7600 Series" = Lexmark 7600 Series "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sony Ericsson" = Sony Ericsson Symbian 9 Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB_AUDIO_DEusb-audio.deReloopDJ2ME" = Reloop Digital Jockey 2 Master Edition USB ASIO driver "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B3689FB-8AF1-7C0E-58AF-C9B7CDC0D3AE}" = CCC Help Czech "{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{1178262C-BA31-9A27-8507-0143DD55BCDD}" = CCC Help Hungarian "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{250DA7DE-37D3-ED70-90D6-90B99EE0D110}" = CCC Help Turkish "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2E32576B-75F7-2D13-4809-FF14DA271930}" = CCC Help Dutch "{33E5C80C-8D37-541E-74A6-51D527336A31}" = CCC Help Portuguese "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43BB11DF-96BE-011A-46C4-338B7432E278}" = CCC Help English "{43D494C7-3F5B-BD67-7C09-323725A7DBA0}" = CCC Help Korean "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57D89CD5-09D1-6775-5D28-FBF8E62D5906}" = CCC Help Danish "{584E5DA5-F6A4-90EA-C9D6-9D36638055A6}" = CCC Help Norwegian "{593A6D1B-DC94-38F5-3158-A3861F7360C9}" = Catalyst Control Center InstallProxy "{59569A68-C301-4EDD-2DEC-A555851AEE5E}" = Catalyst Control Center Localization All "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6510C671-1D30-7669-18A8-2F13DC818E4B}" = CCC Help Greek "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D863265-A79F-9214-9F2A-C4D1FC8FDFF6}" = ccc-core-static "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76DC93F5-9C94-79F6-B39F-11055EF7A582}" = CCC Help Thai "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BEB1F41-755A-C8CB-45B0-C5DEBEA241C9}" = CCC Help Chinese Traditional "{7F05F449-4DC4-4E02-A8D1-4A3ED7DD5FA3}" = Adobe Creative Suite 5.5 Production Premium "{7F5DD739-DB41-DA6A-9912-89C04E20C130}" = CCC Help Finnish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{830ECBA3-2D98-2174-93A4-DDF90A2C41D5}" = Catalyst Control Center Core Implementation "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AADC86C-5018-4762-A309-3031F68D1008}" = COMPUTERBILD-Abzockschutz "{8D0DF06F-6AC2-D9C3-B29F-810CB9E836D8}" = CCC Help Swedish "{8DFE0123-0723-165C-29CF-28409D8E462C}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901AB58E-FB3C-1F64-7795-5BE7F7DB66A6}" = CCC Help Russian "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A18B2647-60E3-0A6E-AF17-2FD9DF46DC41}" = CCC Help Italian "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B0559ABA-D32C-55AD-5943-3E8BF9E6D749}" = Catalyst Control Center Graphics Full New "{B1AC5371-C952-99DC-1C0C-2C0BE8A0F1F8}" = CCC Help Chinese Standard "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7F9F9C6-8F06-2E00-63E2-DC8F1E73EE54}" = CCC Help Polish "{C19DBE5E-712E-4F02-8380-ECEDD951B374}" = DigitalTV "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C3E67109-58DF-1C4A-BB9A-14BEC5787BFC}" = Catalyst Control Center Graphics Full Existing "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE4120DD-97B3-78AD-2535-00031F6ED246}" = Catalyst Control Center Graphics Light "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAD9BED2-5833-4EA2-57EC-550F94F8588B}" = Catalyst Control Center Graphics Previews Vista "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E48F1CB2-4D52-B847-5442-7C3897983BBD}" = CCC Help Spanish "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB646CCD-FA56-CEC6-A91A-C18EF9D5C3B5}" = CCC Help German "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FACE7F75-E485-06CA-01AA-C1633F43667F}" = CCC Help Japanese "1489-3350-5074-6281" = JDownloader 0.9 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "Browser-Anonymisierer_is1" = Browser-Anonymisierer 1.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ElsterFormular 13.1.0.8394p" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free FLV Converter_is1" = Free FLV Converter V 7.3.0 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "JagUhr2" = JagUhr2 "LastPass" = LastPass (uninstall only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MediaMonkey_is1" = MediaMonkey 3.2 "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.53 "Native Instruments Traktor 2" = Native Instruments Traktor 2 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OverDisk" = OverDisk (remove only) "SearchCore for Browsers" = SearchCore for Browsers "Searchqu 413 MediaBar" = Windows Searchqu Toolbar "UltraStar Deluxe" = UltraStar Deluxe "Update Service" = Sony Ericsson Update Service "VLC media player" = VLC media player 1.1.11 "VOX 3D Planer 2.0_is1" = VOX 3D Planer 2.0 "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 3.0.8.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.10.2012 10:22:40 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 04.10.2012 03:41:55 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 05.10.2012 03:45:51 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 05.10.2012 03:45:51 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 05.10.2012 03:45:51 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 05.10.2012 04:29:44 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.10.2012 11:50:12 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.10.2012 11:50:12 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.10.2012 11:50:13 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.10.2012 11:50:15 | Computer Name = SNOWBALL | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 27.12.2012 06:44:05 | Computer Name = SNOWBALL | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 30.12.2012 08:28:40 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdwCATSCustConnectService erreicht. Error - 30.12.2012 08:28:40 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdwCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.01.2013 10:28:07 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdwCATSCustConnectService erreicht. Error - 03.01.2013 10:28:07 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdwCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.01.2013 09:56:45 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.01.2013 09:57:15 | Computer Name = SNOWBALL | Source = DCOM | ID = 10010 Description = Error - 04.01.2013 10:05:35 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdwCATSCustConnectService erreicht. Error - 04.01.2013 10:05:35 | Computer Name = SNOWBALL | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdwCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.01.2013 16:40:33 | Computer Name = SNOWBALL | Source = DCOM | ID = 10010 Description = < End of report > |
06.01.2013, 16:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Searchcore erscheint immer wenn Firefox beendet wird.Code:
ATTFilter O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com Nicht gecrackte Software muss aktiviert werden nur wird eben genau das unterbunden durch diese Einträge. Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Searchcore erscheint immer wenn Firefox beendet wird. |
acer, acer aspire, administrator, anti-malware, autostart, beendet, browser, dateien, einstellungen, ergebnis, explorer, firefox, gen, home, malwarebytes, neu, problem, probleme, searchcore, searchcore toolbar, seite, service, sicherheit, speicher, startseite, version, win, win7 |