| |
| |||||||
Log-Analyse und Auswertung: Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.07.2013, 11:32
| #1 |
| |  Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! OTL logfile created on: 24.07.2013 12:14:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free 16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.24 12:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andy\Desktop\Neuer Ordner\OTL.exe PRC - [2013.07.16 19:54:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe PRC - [2013.06.26 21:40:13 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe PRC - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.26 13:21:14 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\andy\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe PRC - [2012.10.04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.19 19:14:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\java.exe PRC - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.11.18 05:07:22 | 000,569,344 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe PRC - [2010.11.18 05:07:04 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2010.10.29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe PRC - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe PRC - [2009.01.12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008.10.27 03:27:16 | 001,794,048 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.07.16 19:54:48 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.26 21:40:16 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll MOD - [2013.06.26 21:40:16 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll MOD - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe MOD - [2008.12.22 09:50:28 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.07.16 19:54:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.12 15:21:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.07 15:54:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.08.23 15:40:04 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.01.24 12:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service) SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011.06.14 14:57:29 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.29 23:27:18 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 23:27:18 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 23:27:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.21 12:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.07.30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.04 16:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtkdrv.sys -- (TrojanKillerDriver) DRV:64bit: - [2011.05.23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011.04.05 21:00:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.05 11:13:08 | 000,628,840 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.10 23:16:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.04.10 22:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2008.07.30 21:27:14 | 000,792,576 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux) DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.07.22 05:11:18 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi) DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.01.21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam) DRV:64bit: - [2008.01.21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64) DRV - [2010.07.15 19:37:06 | 000,203,864 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv) DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid=&mid=& [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB IE - HKCU\..\SearchScopes\{480895A8-4E1F-46BA-B874-676ECAEBF0AA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE426 IE - HKCU\..\SearchScopes\{6C8252B8-767D-4525-9222-039C5FFDE6D0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de/" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3 FF - prefs.js..extensions.enabledAddons: 0001.amztoolbar%40minimalarts.de:1.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B5786d022-540e-4699-b350-b4be0ae94b79%7D:3.19.0.3 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.04 18:32:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013.02.03 21:26:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2013.02.03 21:26:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.16 19:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.16 19:54:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\andy\AppData\Roaming\5025 [2013.07.24 11:54:38 | 000,000,000 | ---D | M] [2011.12.13 12:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Extensions [2013.07.16 16:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79} [2013.07.24 11:54:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Toolbar für amazon.de) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\0001.amztoolbar@minimalarts.de [2013.07.21 21:49:30 | 000,000,000 | ---D | M] (Lyrics-Monkey) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\122 [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\avg@toolbar [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@babylon.com [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@delta.com [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@incredibar.com [2012.08.23 18:30:44 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\ciuvo-extension@icq.de.xpi [2012.12.11 15:00:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.08 20:03:22 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.02.20 18:59:55 | 000,002,413 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\askcom.xml [2013.07.21 21:48:10 | 000,006,513 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\babylon.xml [2013.05.28 19:00:33 | 000,006,503 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml [2013.07.16 15:47:03 | 000,000,925 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\conduit.xml [2013.05.28 19:00:41 | 000,001,294 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\delta.xml [2012.11.01 11:30:22 | 000,001,632 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml [2013.07.23 19:44:46 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml [2013.03.09 15:48:59 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml [2013.03.10 20:40:35 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml [2013.04.09 21:16:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml [2013.04.12 15:49:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml [2013.04.23 15:52:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml [2013.05.28 18:57:01 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml [2013.05.28 19:00:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml [2013.05.28 19:00:43 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml [2013.06.26 21:40:48 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml [2013.07.21 21:48:16 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml [2012.12.09 23:07:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml [2013.07.21 21:50:15 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml [2013.07.21 21:53:05 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml [2013.07.21 21:59:50 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml [2013.07.23 11:54:40 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml [2013.07.23 11:58:18 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml [2013.07.24 12:10:28 | 000,000,656 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml [2012.09.17 18:14:40 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml [2012.10.29 08:57:22 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml [2012.11.01 10:53:02 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml [2013.01.11 15:31:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml [2013.01.23 17:10:49 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml [2013.02.06 17:25:37 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml [2013.02.18 16:44:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml [2012.07.19 15:49:19 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin.xml [2013.07.21 21:48:21 | 000,001,305 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\mixidj.xml [2012.10.23 18:18:45 | 000,003,915 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\sweetim.xml [2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.16 19:54:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.10.24 00:49:22 | 001,826,192 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2013.05.21 16:29:34 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011.04.05 20:59:31 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\ CHR - Extension: avast! WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\ CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\ CHR - Extension: avast! WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\ CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\andy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Epson Stylus Photo PX710W(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD) O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{182A12D2-15A4-4214-A1C6-6E1119F957E7}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4898D81A-7189-4D10-8282-6631EE88EF62}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BFD8EA-C7EB-4EBF-8B27-9F763C2CD10F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.24 11:54:17 | 000,000,000 | ---D | M] - C:\AutoCAD Plant 3D 2011 Content -- [ NTFS ] O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell - "" = AutoRun O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LANLauncher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.24 11:01:04 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.23 11:24:53 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\YVwAvuyo [2013.07.23 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\QOzRNmaj [2013.07.23 11:24:51 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\Dirty [2013.07.21 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\FSC [2013.07.21 21:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent [2013.07.21 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner (2) [2013.07.20 18:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(37) [2013.07.20 18:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.07.20 18:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update(0) [2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(36) [2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour(17) [2013.07.20 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\WindSolutions [2013.07.20 13:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2013.07.20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT [2013.07.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner [2013.07.20 12:07:35 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spartacus [2013.07.20 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Programme [2013.07.20 12:03:37 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spiele [2013.07.20 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Filme [2013.07.20 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Musik [2013.07.17 12:56:04 | 000,000,000 | R--D | C] -- C:\Users\andy\Favorites [2013.07.16 19:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.25 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.24 12:11:09 | 001,452,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.24 12:11:09 | 000,631,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.24 12:11:09 | 000,598,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.24 12:11:09 | 000,127,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.24 12:11:09 | 000,105,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.24 12:03:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.24 12:03:35 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.07.24 12:03:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.24 11:22:39 | 000,001,356 | ---- | M] () -- C:\Users\andy\AppData\Local\d3d9caps.dat [2013.07.20 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.20 14:03:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.20 13:33:44 | 008,249,273 | R--- | M] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip [2013.07.20 13:20:59 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.20 12:44:18 | 000,000,186 | ---- | M] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat [2013.07.20 12:27:55 | 000,001,700 | ---- | M] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk [2013.07.16 16:02:04 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2013.07.10 21:32:57 | 652,037,851 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.07.01 14:54:50 | 003,041,315 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2527.JPG [2013.07.01 14:54:32 | 002,344,541 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2525.JPG [2013.07.01 14:40:38 | 002,756,746 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2524.JPG [2013.07.01 14:40:22 | 002,152,937 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2523.JPG [2013.07.01 14:33:58 | 002,344,318 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2521.JPG [2013.07.01 14:30:26 | 001,934,462 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2519.JPG [2013.07.01 14:30:02 | 002,105,307 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2518.JPG [2013.07.01 14:29:58 | 002,124,730 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2517.JPG [2013.06.26 21:40:46 | 000,003,718 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.21 13:39:33 | 003,041,315 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2527.JPG [2013.07.21 13:39:31 | 002,344,541 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2525.JPG [2013.07.21 13:39:24 | 002,756,746 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2524.JPG [2013.07.21 13:39:21 | 002,152,937 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2523.JPG [2013.07.21 13:39:19 | 002,344,318 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2521.JPG [2013.07.21 13:38:52 | 001,934,462 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2519.JPG [2013.07.21 13:38:50 | 002,105,307 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2518.JPG [2013.07.21 13:38:48 | 002,124,730 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2517.JPG [2013.07.20 13:33:39 | 008,249,273 | R--- | C] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip [2013.07.20 13:20:59 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.20 12:27:55 | 000,001,700 | ---- | C] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk [2013.06.26 21:40:03 | 000,003,718 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2012.09.25 20:40:22 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_sta [2012.09.25 20:40:22 | 000,000,794 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_prof [2012.09.25 20:38:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin [2012.09.25 20:38:34 | 000,014,640 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.09.25 20:38:19 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll [2012.09.25 20:31:51 | 000,000,808 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_prof [2012.09.25 20:31:51 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_sta [2012.09.04 16:13:04 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.02.22 16:34:25 | 000,000,186 | ---- | C] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat [2012.01.25 01:15:30 | 000,000,904 | ---- | C] () -- C:\Users\andy\PokerStars.lnk [2012.01.12 20:20:53 | 017,153,049 | ---- | C] () -- C:\Users\andy\Als Doorgunner in Mazar-e Sharif[1].mp4 [2012.01.12 15:33:21 | 000,077,190 | ---- | C] () -- C:\Users\andy\lustig.jpg [2012.01.06 22:29:09 | 000,393,897 | R--- | C] () -- C:\Users\andy\reparaturauftrag.pdf [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 13:02:18 | 000,001,356 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps.dat [2011.09.27 09:37:31 | 000,011,536 | ---- | C] () -- C:\Users\andy\319547_235679213147029_222573687790915_621351_891860537_n.jpg [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.28 14:25:59 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.10 21:29:45 | 000,000,058 | ---- | C] () -- C:\Users\andy\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.04.09 21:49:46 | 000,104,448 | ---- | C] () -- C:\Users\andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.04 23:17:24 | 000,000,732 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012.10.18 16:06:10 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2012.10.18 16:06:10 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D066AD2 < End of report > OTL Extras logfile created on: 24.07.2013 12:14:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free 16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 67 BD A5 90 0C F3 CB 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5783F2D7-9017-0407-1102-0060B0CE6BBA}" = AutoCAD Plant 3D 2011 Language Pack - Deutsch "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A109BCE-6CC8-7AF4-EF13-E5EC6BACFFA5}" = ATI AVIVO64 Codecs "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADE357A9-1514-A3CB-2053-EFAC5B6698C0}" = ATI Problem Report Wizard "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64 "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.00 (64-Bit) "WNLT" = IB Updater Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" = FINAL FANTASY VII "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{186688D8-B50B-41d9-B036-CAE52CCB86AE}_is1" = Ashampoo 3D CAD Professional 3 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = EDIMAX Edimax Wireless LAN "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{37D290AF-6602-4C22-9AF8-66CB7231C729}" = minimal arts - Toolbar für amazon.de "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69F3E292-7DB2-4FC1-A270-DFDD77448EA2}" = WinFunktion Mathematik plus 19 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CA671A5-954C-4B75-8104-7B085246A8B5}" = dolp_demo "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7FF30785-278C-4D1C-858B-349F7373A991}" = Free-Jahreskalender 2013 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Activision(R) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}" = Document Express DjVu Plug-in "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED83D14F-8100-63D0-9329-77A92380EB92}" = HydraVision "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "delta" = Delta toolbar "Dishonored German (c) Bethesda_is1" = Dishonored German (c) Bethesda version 1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch "FluidSIM 4.2n Pneumatik Demoversion" = FluidSIM 4.2n Pneumatik Demoversion "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.24.430 "Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0" = Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 "Google Chrome" = Google Chrome "GridinSoft Trojan Killer" = Trojan Killer "iLivid" = iLivid "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Ice Age 3 Die Dinosaurier sind los(TM) "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.7 "PokerStars.eu" = PokerStars.eu "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PS3 Media Server" = PS3 Media Server "Rockstar Games Social Club" = Rockstar Games Social Club "ScreenshotCaptor_is1" = Screenshot Captor 2.88.01 "StarCraft II" = StarCraft II "Streamripper" = Streamripper (Remove only) "Sweet Home 3D_is1" = Sweet Home 3D version 4.0 "UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft "VLC media player" = VLC media player 0.9.9 "WhiteCap" = WhiteCap "WinLiveSuite" = Windows Live Essentials "WinX Free MP4 to WMV Converter_is1" = WinX Free MP4 to WMV Converter 4.1.3 "XP Codec Pack" = XP Codec Pack ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "FoxTab Media Player" = FoxTab Media Player "PassportPhoto" = PassportPhoto (remove) "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.09.2012 11:08:01 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 11.09.2012 11:13:17 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa58, Anwendungsstartzeit 01cd902daafa0a07. Error - 12.09.2012 10:05:30 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103 Description = Error - 12.09.2012 10:06:38 | Computer Name = andy-PC | Source = WinMgmt | ID = 10 Description = Error - 12.09.2012 10:09:02 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 12.09.2012 10:09:28 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 12.09.2012 10:29:22 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa44, Anwendungsstartzeit 01cd90ef9b10d517. Error - 12.09.2012 10:48:25 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103 Description = Error - 12.09.2012 10:49:30 | Computer Name = andy-PC | Source = WinMgmt | ID = 10 Description = Error - 12.09.2012 10:50:00 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa70, Anwendungsstartzeit 01cd90f599be9497. [ System Events ] Error - 24.07.2013 06:04:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7023 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.07.2013 06:06:52 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7001 Description = Error - 24.07.2013 06:14:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:14:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:24:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:24:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = < End of report > |
| Themen zu Virus Dirty Decrypt Verschlüsselung Trojaner, alle Foto kann ich nicht aufmachen, bitte bitte Hilfe!!! |
| akamai, antivir, avg security toolbar, avira, becker, bho, bonjour, cid, converter, desktop, error, firefox, flash player, home, install.exe, logfile, mozilla, mp3, object, plug-in, preferences, problem, realtek, scan, secure search, senden, software, trojaner, usb, virus, vista, visual studio, vtoolbarupdater |
Baum-Darstellung