| |
| |||||||
Log-Analyse und Auswertung: Ihr Internet Service Provider wird blockiert- bei Zahlung von 100 € wird dieser entsperrtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.04.2013, 19:30
| #1 |
 |  Ihr Internet Service Provider wird blockiert- bei Zahlung von 100 € wird dieser entsperrt Sehr geehrte Damen und Herren, als ich heute meinen PC benutzte und über den Internet Explorer auf Youtube ging, um mir ein Lied von Tom Odell anzuhören, erschien auf einmal diese "offzielle" Seite "Ihr Provider ist blockiert. Ihr PC kann nur entsperrt werden, wenn Sie 100 € zahlen." Man drohte mir mit hohen Geld- und Gefängnisstrafen. Und warf mir vor ich würde Kinderpornografie anschauen. (So etwas würde ich nie tun!) Daher wusste ich auch sofort, dass es sich um einen "Abzock"-Virus handeln musste. Aus meinen Recherchen ist mir bekannt, dass Ihnen dieses Problem schon mal vorgetragen wurde. Allerdings habe ich auch bei meinen Recherchen erfahren, dass ich die Anleitung zur "Heilung"des anderen PC nicht auf meinen PC anwenden kann. So habe ich alle Schritte ausführt und werde nun die Text-Dateien kopieren und kann nur hoffen, dass ich alles richtig gemacht habe und Sie mir helfen können. Meinen Namen habe ich wie gewünscht mit *** ersetzt. Mit ganz herzlichem Dank im Voraus OTL.TXT OTL logfile created on: 17.04.2013 18:22:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 78,99% Memory free 5,50 Gb Paging File | 4,95 Gb Available in Paging File | 90,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,72 Gb Total Space | 357,11 Gb Free Space | 78,36% Space Free | Partition Type: NTFS Drive D: | 9,94 Gb Total Space | 0,97 Gb Free Space | 9,79% Space Free | Partition Type: NTFS Drive E: | 16,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 7,46 Gb Total Space | 3,13 Gb Free Space | 41,96% Space Free | Partition Type: FAT32 Computer Name: 260211-64BIT | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.17 18:21:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.01.28 15:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.05.10 12:06:49 | 000,126,520 | ---- | M] (HP) [Auto | Stopped] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2010.02.02 01:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.03.28 12:49:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 12:49:01 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.03.28 12:48:53 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.15 17:06:37 | 000,474,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService) SRV - [2013.03.14 19:22:03 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUNEUPUTILITIESSERVICE64.EXE -- (TuneUp.UtilitiesSvc) SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.09.26 17:59:56 | 005,686,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService) SRV - [2012.06.22 00:09:56 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.01.19 11:41:52 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.01.19 11:41:48 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011.06.27 09:02:00 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.10.15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009.08.18 21:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.28 12:49:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 12:49:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 12:49:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.24 07:53:24 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2012.08.30 17:01:22 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.02 01:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.02 00:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.11.16 17:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {576DE627-EBFD-4409-81C2-9BD9207871DC} IE:64bit: - HKLM\..\SearchScopes\{576DE627-EBFD-4409-81C2-9BD9207871DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{CE36F477-B616-4700-8B91-A9EE5DBB316D}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D5DE04B2-D47E-4451-80BE-5686E8ADF8D5}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {576DE627-EBFD-4409-81C2-9BD9207871DC} IE - HKLM\..\SearchScopes\{576DE627-EBFD-4409-81C2-9BD9207871DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{CE36F477-B616-4700-8B91-A9EE5DBB316D}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D5DE04B2-D47E-4451-80BE-5686E8ADF8D5}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {C314746D-4ADB-45AA-AE41-F21100495B02} IE - HKCU\..\SearchScopes\{C314746D-4ADB-45AA-AE41-F21100495B02}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.03.22 12:03:33 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [Sysyem Cleaner] C:\Users\***\4905226.exe (PassMark Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 10.6.2) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.7.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F793E42-D1B7-4B85-BBF5-FFD850C61861}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\coverdes.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\discspeed.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\drivespeed.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\infotool.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\neroburnrights.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\neroupgrade.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\nerovision.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\photosnap.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\photosnapviewer.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\recode.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\showtime.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\backitup.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\coverdes.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\discspeed.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\infotool.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\nero.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\nerovision.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\photosnap.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\photosnapviewer.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\recode.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\setupx.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\showtime.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAutoReactivator64.EXE (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.22 04:26:36 | 000,000,100 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{3408a3f9-f118-11e1-9cb3-2c27d722802f}\Shell - "" = AutoRun O33 - MountPoints2\{3408a3f9-f118-11e1-9cb3-2c27d722802f}\Shell\AutoRun\command - "" = E:\SISetup.exe -- [2010.11.24 10:59:56 | 000,607,800 | R--- | M] (HP) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.17 18:21:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.17 17:28:29 | 000,054,784 | ---- | C] (PassMark Software) -- C:\Users\***\4905226.exe [2013.04.12 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater [2013.04.12 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DownloadGuide [2013.04.12 19:56:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Software Updater [2013.04.12 17:47:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Smartbar [2013.04.12 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013.04.06 13:05:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDFab9 [2013.04.06 13:05:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDFab9 [2013.04.06 13:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 [2013.04.06 13:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 9 [2013.04.03 15:03:03 | 000,000,000 | ---D | C] -- C:\Sicherung [2013.03.28 12:49:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 12:49:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 12:49:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2013.04.17 18:21:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.17 18:17:20 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.17 18:16:41 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.17 17:59:54 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.17 17:59:54 | 000,697,064 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.17 17:59:54 | 000,652,382 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.17 17:59:54 | 000,148,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.17 17:59:54 | 000,121,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.17 17:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.17 17:40:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.17 17:40:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.17 17:28:31 | 000,054,784 | ---- | M] (PassMark Software) -- C:\Users\***\4905226.exe [2013.04.17 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.14 14:49:28 | 000,416,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.06 15:57:05 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.03 13:18:04 | 000,000,621 | ---- | M] () -- C:\Windows\wiso.ini [2013.03.28 12:49:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 12:49:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 12:49:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.17 18:17:20 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.17 18:16:41 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.07 20:24:21 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.03.07 20:24:21 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.02.05 14:20:49 | 000,000,621 | ---- | C] () -- C:\Windows\wiso.ini [2012.12.24 17:26:14 | 000,156,251 | ---- | C] () -- C:\Users\***\.TransferManager.db [2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.01 15:09:03 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.08 15:08:15 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012.09.08 15:07:53 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd [2012.08.25 17:21:31 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.08.24 21:25:41 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2012.08.24 21:25:38 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll [2012.08.24 21:25:38 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll [2012.08.24 21:25:35 | 001,187,609 | ---- | C] () -- C:\Windows\unins002.exe [2012.08.24 21:25:35 | 000,010,944 | ---- | C] () -- C:\Windows\unins002.dat [2012.08.24 21:21:50 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2012.08.24 21:21:50 | 000,007,969 | ---- | C] () -- C:\Windows\unins001.dat [2012.08.24 21:21:08 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe [2012.08.24 21:21:08 | 000,021,553 | ---- | C] () -- C:\Windows\unins000.dat [2012.08.24 19:54:27 | 001,590,954 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.23 21:53:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.09 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.10.21 13:23:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2013.02.05 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2012.11.13 21:31:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2013.04.06 13:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab9 [2013.03.06 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.12.19 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.05 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.09.09 19:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Freemium [2012.08.25 16:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.04.12 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2013.04.14 16:53:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.09.09 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2012.09.07 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pschmid.net [2013.03.07 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2013.04.12 19:56:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Updater [2012.08.30 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2012.08.24 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.12.15 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.09.07 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2012.12.15 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinFF ========== Purity Check ========== < End of report > Extras.Txt OTL Extras logfile created on: 17.04.2013 18:22:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 78,99% Memory free 5,50 Gb Paging File | 4,95 Gb Available in Paging File | 90,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,72 Gb Total Space | 357,11 Gb Free Space | 78,36% Space Free | Partition Type: NTFS Drive D: | 9,94 Gb Total Space | 0,97 Gb Free Space | 9,79% Space Free | Partition Type: NTFS Drive E: | 16,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 7,46 Gb Total Space | 3,13 Gb Free Space | 41,96% Space Free | Partition Type: FAT32 Computer Name: 260211-64BIT | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{061BFB88-9FA9-4E47-9248-C943F80646A9}" = rport=138 | protocol=17 | dir=out | app=system | "{0C9A9AF4-02D6-49D5-A288-92254C728E8C}" = rport=139 | protocol=6 | dir=out | app=system | "{0F11CD0D-B7ED-479A-9747-1A8CA2298960}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{113BA63C-C2F9-4F18-BAFF-D6C779E30355}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2091BB94-3C69-4DA9-BE9A-EDEF992C8AF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21FCF1DA-9F00-4121-988B-2A00A4CA25FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{252A921F-E300-46AC-8712-FB3A532BD069}" = lport=139 | protocol=6 | dir=in | app=system | "{39D167E8-ED27-40C3-984A-632BA4E85C9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C5BF6BE-C771-4F65-BE94-F9A62684F51D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{58BEF3C5-EBB2-415F-BBF7-3D8DE4BC146D}" = lport=137 | protocol=17 | dir=in | app=system | "{61B4E751-E856-42CF-B4BE-0E3DF93666C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{63C448D4-C445-455F-9900-48EA47331597}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65774D9B-21E5-40DE-BDD4-BDADC202F833}" = lport=138 | protocol=17 | dir=in | app=system | "{6C97215F-7E67-49BF-8344-DB8FF949CD0A}" = rport=10243 | protocol=6 | dir=out | app=system | "{7098B6AB-8CB3-44A3-9750-09B98C56AE91}" = lport=445 | protocol=6 | dir=in | app=system | "{8A281CD4-7528-4E8E-B244-FBEC7CC6D92F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9D681DA1-8E72-48ED-8DF2-6F6483FC7429}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD9FCE8A-4C8B-474B-84AC-40A3247DAC60}" = lport=10243 | protocol=6 | dir=in | app=system | "{C89B7AC2-D65C-409F-A703-2AC9AE9E7A5C}" = lport=2869 | protocol=6 | dir=in | app=system | "{E2F45B35-B8E6-49E2-8E9A-841EBA3EF21B}" = rport=137 | protocol=17 | dir=out | app=system | "{E6764278-229A-46B1-A6C6-B9E5260C0DF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E6F54906-1DA4-4F8C-8216-C153CDD38EC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE2DB0A4-931A-4EC2-B918-BA87B3EB1634}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF0145BC-A1B9-4821-B372-52068128EA95}" = rport=445 | protocol=6 | dir=out | app=system | "{F0FA6641-8716-43FE-998D-C5C9331EA764}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{055B646E-0BD9-4907-82D7-1A6DDDC58754}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{07EFD653-CC96-4235-AB30-F9A59AB31C95}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0D33F8B9-C57C-4E47-9159-90EE4CDE6512}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F007C6B-1FFE-4721-BDD3-EFADB1195454}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{212731E6-D436-40FF-88F6-04076CEF3B27}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{232D545A-ED32-4630-932E-F1DC4FB47F7A}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{28B5B9F8-6F6A-4202-8909-8E493FECE173}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{362FF4DC-CF24-47AB-B2DA-3CC8355575B3}" = protocol=6 | dir=out | app=system | "{43593B04-C72B-4183-A1EC-5D1D1019E892}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{43A850F7-1F38-4710-AD70-DA311BD81DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{476485E7-09D9-474B-8FAD-F723E76F591A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4DCA41BF-01F2-4E24-A185-DEE386475633}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4FEAFA94-A2E7-462C-8A65-5736DBB8FF6E}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{59B1925A-AE15-41C1-A818-5A3553E69A9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79A540B0-EDCD-4375-A148-E153FEFCA2DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8352589A-DFAF-4A47-9ABA-42BFB64708C3}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{8A3B9658-AE9E-406D-A230-DD98D04BB365}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8E862DAD-FE17-41C4-BC91-739640C0D8A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{92D1FBF2-4111-4177-A0A4-98A73268DFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9380F4B3-817D-495A-82BC-4E3BB19183BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{9A10C29D-6D63-4017-9EEC-D0692BDD5899}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A8583F8-020C-4307-B091-1C490E005969}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9E6B559A-077A-4565-BAF6-2EAC717ECD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A9C5861A-B0B7-43EE-ADBC-DB7B58551E75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB8050A0-0227-4271-BA2D-D6774B89729F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B1D0EE9C-104B-4A19-9BD5-A8EB1A634367}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{C31CAF87-F55E-411B-9D62-4A62F91F028C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{CBD0B4BB-31F4-4072-92E2-38FE7D67C60B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{CD31B62B-0F5A-4D31-B0EB-59D0EE2D9D95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D265D7F0-B130-46CA-BB30-D46C1C2A7B7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D444F40E-8F80-41EC-B946-B28B402FA094}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{D915A88C-5CA1-4682-8CD7-9A99A9806E92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DBB7E27C-49CA-47FE-A93B-A0A6EDBDEED4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E20F25D2-B64F-4D79-9F9B-D802E4A9421F}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{EA491C8D-D6A4-46E0-9974-CEFF445E549F}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{EAFC795A-0A46-4D76-8558-A0DB4BBE5341}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{4B0C203D-101E-4E81-8BE2-0CDA74DB8602}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{B204B752-0ED4-4514-8CD9-4FD71C238EBA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{6E29A3E9-8414-4D63-BF8D-64479061EEBC}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{E0AC3B14-10C2-4CF5-9BE6-46C6494E8C3B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86) "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "CCleaner" = CCleaner "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy "{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese "{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService "{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater "{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish "{2BE6CDFB-9037-4FE5-93D4-6CFB4BE84958}" = TubeBox "{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New "{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58a26b11-1507-4461-bb28-9c2be3a0dff1}" = TubeBox "{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian "{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013 "{6883DDA6-867E-4F63-9D5E-8F53FD40CDF4}" = Adobe Shockwave Player 11.6 "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard "{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2 "{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light "{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek "{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{895294B6-0495-461D-B3A1-DA819C6E6A76}" = pschmid.net Ltd. - RibbonCustomizer Add-In "{8EB84BE2-1F31-4950-83D8-C211A9A08739}" = AM Usb Card Reader Driver "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static "{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish "{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All "{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing "{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish "{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation "{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AmUStor" = AM Usb Card Reader Driver "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Free Antivirus "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVDFab 9_is1" = DVDFab 9.0.3.2 (01/04/2013) Beta "EasyBits Magic Desktop" = Magic Desktop "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard) "LAME_is1" = LAME v3.99.3 (for Windows) "MediaMonkey_is1" = MediaMonkey 4.0 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "MP3db" = MP3db 2008 "Mp3tag" = Mp3tag v2.52 "MusicStationNetstaller" = MusicStation "My HP Game Console" = HP Game Console "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDF Complete" = PDF Complete Special Edition "RealPlayer 12.0" = RealPlayer "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.5 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.03.2013 09:20:33 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 28.03.2013 09:20:33 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 28.03.2013 09:24:16 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.03.2013 09:24:16 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.04.2013 05:07:20 | Computer Name = 260211-64bit | Source = Windows Backup | ID = 4103 Description = Error - 02.04.2013 14:36:32 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 02.04.2013 14:36:33 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 02.04.2013 14:36:34 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 02.04.2013 14:40:19 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\messenger\wlcsdk.exe". Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.04.2013 14:40:21 | Computer Name = 260211-64bit | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Hewlett-Packard Events ] Error - 31.08.2012 07:59:20 | Computer Name = 260211-64bit | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201208311359.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 04.10.2012 11:27:20 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst. StackTrace: bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 2815 Ram Utilization: 50 TargetSite: Void loadXML() Error - 18.10.2012 14:30:30 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 25.10.2012 11:50:20 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 25.10.2012 11:50:40 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 29.10.2012 11:59:09 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 29.10.2012 11:59:09 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 04.11.2012 08:41:59 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = Error - 04.11.2012 08:42:17 | Computer Name = 260211-64bit | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 12.04.2013 13:54:26 | Computer Name = 260211-64bit | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. Error - 14.04.2013 08:50:26 | Computer Name = 260211-64bit | Source = bowser | ID = 8003 Description = Error - 14.04.2013 08:52:11 | Computer Name = 260211-64bit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 14.04.2013 08:53:17 | Computer Name = 260211-64bit | Source = bowser | ID = 8003 Description = Error - 16.04.2013 10:46:26 | Computer Name = 260211-64bit | Source = bowser | ID = 8003 Description = Error - 16.04.2013 10:47:32 | Computer Name = 260211-64bit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 16.04.2013 10:52:24 | Computer Name = 260211-64bit | Source = bowser | ID = 8003 Description = Error - 16.04.2013 12:15:49 | Computer Name = 260211-64bit | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error - 16.04.2013 12:16:33 | Computer Name = 260211-64bit | Source = bowser | ID = 8003 Description = Error - 16.04.2013 12:23:23 | Computer Name = 260211-64bit | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. < End of report > Gmer.txt .19163 - hxxp://www.gmer.net Rootkit scan 2013-04-17 19:20:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000050 Hitachi_ rev.JP2O 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***~1\AppData\Local\Temp\pfdoypoc.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
| Themen zu Ihr Internet Service Provider wird blockiert- bei Zahlung von 100 € wird dieser entsperrt |
| adobe reader xi, antivir, avira, avira searchfree toolbar, bho, browser.exe, diner dash, error, fehler, firefox, flash player, helper, home, homepage, iexplore.exe, install.exe, internet, internet explorer, logfile, olympus, plug-in, problem, realtek, registry, richtlinie, scan, security, senden, software, spyware, svchost.exe, version., windows, wma, zahlung |
Baum-Darstellung