Trojaner-Board - Windows-Verschlüsselungs-Trojaner - Originaldatei größer als verschlüsselte Datei

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows-Verschlüsselungs-Trojaner - Originaldatei größer als verschlüsselte Datei (https://www.trojaner-board.de/114259-windows-verschluesselungs-trojaner-originaldatei-groesser-verschluesselte-datei.html)

Windows-Verschlüsselungs-Trojaner - Originaldatei größer als verschlüsselte Datei

Hallo,

ich habe wie viele andere einen Klick zu viel gemacht und meinen Laptop mit den Windows-Verschlüsselungstrojaner infiziert.

Um den Schaden zu beheben, suchte ich im Internet nach einer Lösung. Google zeigt mir den Beitrag auf www.konsumer.info (hxxp://www.konsumer.info/?p=22083) an. Ich scannte meinen Laptop mit dem kostenlose Tool Dr.Web CureIt! wie auf dieser Seite beschrieben. Dabei wurden noch andere Trojaner gefunden. Diese wurden verschoben.

Nun wollte ich die verschlüsselten Dateien wieder entschlüsseln. Das Tool auf der Seite www.konsumer.info von Dr. Web funktionierte nicht. Deswegen ging ich erneut auf die Suche nach einer Lösung und stieß auf diese Seite hier: http://www.trojaner-board.de/114116-...-encoder.html. Ich habe den DecryptHelper und Avira Ransom File Unlocker installiert. Doch beide bringen, dass die Originaldatei größer ist als die gelockte Datei.

Welchen Fehler habe ich gemacht? Kann mir jemand weiterhelfen?

Viele Grüße
Juliane

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Ob etwas bringt, aber kannst versuchen :

1.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.

Zitat:

-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!

Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
► Start → Alle Programme → Zubehör → Systemprogramme → Systemwiederherstellung

->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
-> Systemwiederherstellung unter Windows Vista
-> Systemwiederherstellung unter Win 7
->Systemwiederherstellung: Häufig gestellte Fragen ► Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)

Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

** Achtung!:
Auch nach Systemwiederherstellung können noch (Viren) Probleme auftreten. Daher ich würde noch eine gründliche Systemreinigung und Systemupdate vorschlagen. Also führe die folgenden Schritte in der angegebenen Reihenfolge aus:

2.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.

http://image.hijackthis.eu/upload/otl_screen_neu.jpg
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Hallo kira,

tut mir leid, dass hatte ich vergessen zu schreiben. Eine Systemwiederherstellung habe ich vor dem Scan mit Dr. Web gemacht. Dadurch verschwand das Fenster "Sie haben sich mit dem Windows-Verschlüsselungs-Trojaner" infiziert. Die Dateien waren auch nach der Systemwiederherstellung verschlüsselt.

Die anderen beiden Schritte habe ich ausgeführt.

2. Schritt

extra mit Hijack

OTL Logfile:

Code:

OTL logfile created on: 28.04.2012 11:41:59 - Run 1

OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Juli\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 62,63% Memory free

7,60 Gb Paging File | 5,79 Gb Available in Paging File | 76,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,59 Gb Total Space | 382,77 Gb Free Space | 84,95% Space Free | Partition Type: NTFS

Drive D: | 14,87 Gb Total Space | 1,84 Gb Free Space | 12,34% Space Free | Partition Type: NTFS

Drive G: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,64% Space Free | Partition Type: FAT32

 

Computer Name: JULI-PC | User Name: Juli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.28 11:38:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Juli\Downloads\OTL.exe

PRC - [2012.02.25 15:15:06 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2012.02.15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.07.27 04:19:58 | 002,586,480 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe

PRC - [2011.07.26 15:05:30 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

PRC - [2011.07.04 11:39:48 | 000,332,432 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe

PRC - [2011.07.01 12:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe

PRC - [2011.06.28 09:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe

PRC - [2011.03.01 15:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.02.09 17:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.07.23 21:43:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.07.23 21:43:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.05.21 14:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2009.06.23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

PRC - [2009.06.18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2009.06.18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe

PRC - [2009.06.18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe

PRC - [2009.06.15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

PRC - [2009.06.04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe

PRC - [2008.08.20 18:31:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Schedule.exe

PRC - [2006.11.24 05:48:34 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Remote.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.17 11:14:19 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll

MOD - [2012.04.17 11:13:42 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll

MOD - [2012.04.17 08:54:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MOD - [2012.04.17 08:53:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012.04.17 08:53:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012.02.17 11:30:53 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll

MOD - [2012.02.16 15:26:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.16 15:25:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.16 15:25:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.16 15:25:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.16 15:25:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.02.16 15:24:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.07.26 11:15:52 | 000,251,760 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll

MOD - [2011.07.26 11:13:48 | 000,153,456 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_GER.dll

MOD - [2011.07.26 11:13:14 | 000,015,216 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll

MOD - [2011.07.26 11:13:10 | 000,079,728 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll

MOD - [2011.07.26 11:13:00 | 000,292,720 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll

MOD - [2011.07.01 12:37:40 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll

MOD - [2011.05.09 22:11:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.08.20 18:31:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Schedule.exe

MOD - [2007.01.19 01:51:06 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\RmCard.dll

MOD - [2006.11.24 05:48:34 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Remote.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.17 08:49:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.02.25 15:15:06 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.07.26 15:05:30 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)

SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.03.01 15:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011.03.01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011.02.25 02:08:46 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)

SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)

SRV - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.07.23 21:43:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.07.23 21:43:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2009.09.12 19:10:04 | 000,891,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.06.23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2009.06.23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2009.06.18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2009.06.18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)

SRV - [2009.06.18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)

SRV - [2009.06.15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.06.04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)

SRV - [2009.06.03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)

SRV - [2008.10.31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.25 15:15:07 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2012.02.25 15:15:05 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV:64bit: - [2012.02.25 15:15:03 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2012.02.25 15:14:56 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2012.02.16 11:08:07 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.01.26 14:21:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.05 09:16:20 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011.03.01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011.03.01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011.03.01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011.02.22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011.02.15 21:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011.02.09 17:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010.12.21 02:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.08.30 14:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.08.20 04:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)

DRV:64bit: - [2010.08.20 04:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)

DRV:64bit: - [2009.09.17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10

IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10

IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.27 03:03:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.19 19:46:11 | 000,000,000 | ---D | M]

 

[2012.01.20 15:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juli\AppData\Roaming\mozilla\Extensions

[2012.04.26 13:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juli\AppData\Roaming\mozilla\Firefox\Profiles\kuer6x2c.default\extensions

[2012.02.21 16:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

File not found (No name found) -- C:\USERS\JULI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KUER6X2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.03.16 17:09:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.19 19:46:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll

[2009.06.23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll

[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)

O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Schedule] C:\Program Files (x86)\WinTVR3\Schedule.exe ()

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TVPro Control] C:\Program Files (x86)\WinTVR3\Remote.exe ()

O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)

O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209C02EF-8992-403E-9A34-141D300BB78E}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF544BAF-39B9-4BAA-AB51-1A63E7D31658}: DhcpNameServer = 141.24.53.248 141.24.53.227

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.28 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\Juli\Documents\Avira-RansomFileUnlocker

[2012.04.27 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\Juli\DoctorWeb

[2012.04.27 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2012.04.27 11:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012.04.26 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.26 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.04.21 14:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.04.21 14:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.04.15 11:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012.04.15 10:50:56 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Roaming\skypePM

[2012.04.14 10:32:51 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Local\{70840C0F-8D17-4A94-A734-6525C00EB8B8}

[2012.04.12 16:38:35 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.04.12 16:38:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.04.12 16:38:34 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.04.12 16:38:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.04.12 16:38:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.04.12 16:38:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.04.12 16:38:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.04.12 16:38:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.04.12 16:38:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.04.12 16:38:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.04.12 16:38:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.04.12 16:38:11 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.04.12 16:38:10 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.04.12 16:38:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.04.11 21:42:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012.04.11 21:42:39 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012.04.11 21:42:37 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.04.02 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Roaming\dvdcss

[2012.04.01 09:00:34 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.28 10:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.28 10:32:01 | 000,003,264 | ---- | M] () -- C:\Users\Juli\Desktop\Attach.zip

[2012.04.28 10:24:21 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.28 10:24:21 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.28 10:16:46 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012.04.28 10:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.28 10:16:16 | 3062,251,520 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.28 10:15:13 | 000,000,188 | ---- | M] () -- C:\Users\Juli\defogger_reenable

[2012.04.28 09:42:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.04.28 09:42:52 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.04.28 09:42:52 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.04.28 09:42:52 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.04.28 09:42:52 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.04.28 09:21:18 | 000,004,063 | ---- | M] () -- C:\Users\Juli\Documents\DrWeb.csv

[2012.04.27 06:59:35 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJuli.job

[2012.04.26 21:07:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJULI-PC$.job

[2012.04.26 13:55:45 | 000,026,859 | ---- | M] () -- C:\Users\Juli\Documents\locked-Ostern.htm.xxto

[2012.04.26 13:50:05 | 000,007,602 | ---- | M] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

[2012.04.26 13:49:17 | 000,003,119 | ---- | M] () -- C:\Users\Juli\locked-.recently-used.xbel.nnhz

[2012.04.17 08:49:39 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.17 08:49:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.15 12:06:55 | 000,444,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.04.15 10:50:59 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.04.28 10:32:01 | 000,003,264 | ---- | C] () -- C:\Users\Juli\Desktop\Attach.zip

[2012.04.28 10:15:13 | 000,000,188 | ---- | C] () -- C:\Users\Juli\defogger_reenable

[2012.04.28 09:21:17 | 000,004,063 | ---- | C] () -- C:\Users\Juli\Documents\DrWeb.csv

[2012.04.15 10:50:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012.04.01 09:00:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.02.09 11:36:21 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2012.02.09 11:24:42 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.20 15:05:41 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2012.01.20 15:05:41 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

[2012.01.20 15:05:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\GTWST.dll

[2012.01.20 15:05:39 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2012.01.18 19:37:54 | 000,007,602 | ---- | C] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

[2011.08.31 20:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011.08.31 20:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011.08.31 20:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.05.09 12:47:27 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

[2010.12.21 02:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

 
 ========== LOP Check ==========

 

[2012.02.25 15:21:08 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Acronis

[2012.01.23 18:12:39 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Ashampoo

[2012.02.29 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\DAEMON Tools Lite

[2012.04.27 03:02:49 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Duden

[2012.02.21 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\gtk-2.0

[2012.04.26 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\ICQ

[2012.01.26 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\IrfanView

[2012.04.27 03:03:47 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\JabRef 2.7.2

[2012.04.26 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\LyX2.0

[2012.01.24 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Namco

[2012.02.09 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Nuance

[2012.01.22 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\OpenOffice.org

[2012.02.02 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\PlayFirst

[2012.01.26 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Playrix Entertainment

[2012.01.18 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Synaptics

[2012.04.27 03:03:08 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\WildTangentv1001

[2012.02.09 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Zeon

[2012.03.10 17:07:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A303874F
 

< End of report >

--- --- ---
[\code]

otl

Code:

Acronis*True*Image*Home        Acronis        24.02.2012        156,3MB        13.0.5055

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        10.03.2012        6,00MB        11.1.102.63

Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        16.04.2012        6,00MB        11.2.202.233

Ashampoo Burning Studio Elements 10.0.9        Ashampoo GmbH & Co. KG        22.01.2012        162,0MB        3.1.1

Atheros Driver Installation Program        Atheros        21.06.2011                9.2

Avira Free Antivirus        Avira        15.02.2012        108,9MB        12.0.0.898

Bing Bar        Microsoft Corporation        21.06.2011        24,4MB        7.0.610.0

Bluetooth Win7 Suite (64)        Atheros Communications        21.06.2011        59,5MB        7.2.0.60

CCleaner        Piriform        19.01.2012                3.14

Cisco EAP-FAST Module        Cisco Systems, Inc.        21.06.2011        1,55MB        2.2.14

Cisco LEAP Module        Cisco Systems, Inc.        21.06.2011        0,63MB        1.0.19

Cisco PEAP Module        Cisco Systems, Inc.        21.06.2011        1,24MB        1.1.6

CyberLink YouCam        CyberLink Corp.        21.06.2011        102,3MB        3.2.1.3726

DAEMON Tools Lite        DT Soft Ltd        25.01.2012                4.45.2.0287

Drv        My Company Name        19.01.2012                1.00.0000

Duden-Rechtschreibprüfung kompakt        Bibliographisches Institut GmbH        15.02.2012        577MB        8.0

Duden-Rechtschreibprüfung Upgrade Medizin        Bibliographisches Institut GmbH        01.03.2012        301MB        8.0

Energy Star Digital Logo        Hewlett-Packard        21.06.2011        0,29MB        1.0.1

Evernote v. 4.2.2        Evernote Corp.        08.05.2011        139,1MB        4.2.2.3979

Flowery Vale        PurpleHills        09.03.2012        16,1MB        1.00.0000

GIMP 2.6.8                15.02.2012                

HP Documentation        Hewlett-Packard        08.05.2011        304MB        1.1.0.0

HP Games        WildTangent        21.06.2011                1.0.2.4

HP On Screen Display        Hewlett-Packard Company        08.05.2011        1,43MB        1.0.7

HP Power Manager        Hewlett-Packard Company        21.06.2011        3,61MB        1.2.1

HP Quick Launch        Hewlett-Packard Company        01.03.2012        6,10MB        2.6.3

HP Setup        Hewlett-Packard Company        08.05.2011                8.5.4526.3645

HP Software Framework        Hewlett-Packard Company        18.02.2012        4,75MB        4.1.13.1

HP Support Assistant        Hewlett-Packard Company        08.02.2012        78,6MB        6.1.12.1

HP Wireless Assistant        Hewlett-Packard        08.05.2011        5,61MB        4.0.10.0

ICQ7.7        ICQ        23.01.2012                7.7

Intel(R) Control Center        Intel Corporation        22.06.2011                1.2.1.1007

Intel(R) Graphics Media Accelerator Driver        Intel Corporation        22.06.2011                8.15.10.2202

Intel(R) Management Engine Components        Intel Corporation        22.06.2011                6.0.0.1179

Intel(R) Rapid Storage Technology        Intel Corporation        22.06.2011                10.0.0.1046

Java(TM) 6 Update 31        Oracle        18.02.2012        95,1MB        6.0.310

Java(TM) 7 Update 2 (64-bit)        Oracle        25.01.2012        93,6MB        7.0.20

LyX 2.0.2-1        LyX Team        19.01.2012                2.0.2-1

MATLAB R2011a        The MathWorks, Inc.        25.01.2012                7.12

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        19.01.2012        38,8MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        19.01.2012        2,94MB        4.0.30319

Microsoft .NET Framework 4 Extended        Microsoft Corporation        08.02.2012        52,0MB        4.0.30319

Microsoft Office Enterprise 2007        Microsoft Corporation        14.04.2012                12.0.6612.1000

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        08.05.2011        1,70MB        3.1.0000

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        14.04.2012        0,29MB        8.0.61001

Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        21.06.2011        0,61MB        8.0.61000

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        08.05.2011        0,77MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        21.06.2011        0,77MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        14.04.2012        0,77MB        9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        08.02.2012        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        21.06.2011        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        14.04.2012        0,59MB        9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        14.04.2012        13,8MB        10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        14.04.2012        12,3MB        10.0.40219

Microsoft_VC90_CRT_x86        Microsoft Corporation        08.05.2011        1,38MB        1.0.0

MiKTeX 2.9        MiKTeX.org        19.01.2012                2.9

Mozilla Firefox 11.0 (x86 de)        Mozilla        15.03.2012        36,4MB        11.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.01.2012        1,28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        21.01.2012        1,34MB        4.20.9876.0

Nuance Cloud Connector        Nuance Communications, Inc.        08.02.2012        24,7MB        3.2.713

Nuance OmniPage 18        Nuance Communications, Inc.        08.02.2012        614MB        18.1.0000

Nuance PDF Create 7        Nuance Communications, Inc        08.02.2012        186,1MB        7.10.2364

PDF Complete Special Edition        PDF Complete, Inc        21.06.2011                4.0.34

PDF-XChange Viewer        Tracker Software Products Ltd.        19.01.2012        64,3MB        2.5.200.0

Realtek Ethernet Controller Driver        Realtek        21.06.2011                7.42.304.2011

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        21.06.2011                6.0.1.6287

Realtek PCIE Card Reader        Realtek Semiconductor Corp.        21.06.2011                6.1.7600.77

Recuva        Piriform        26.04.2012                1.42

SecureW2 Personal Client - Distribution Edition 2.0.7 for Windows                25.01.2012                

Skype™ 5.8        Skype Technologies S.A.        20.04.2012        19,0MB        5.8.158

Software von National Instruments        National Instruments        31.01.2012                

Synaptics Pointing Device Driver        Synaptics Incorporated        21.06.2011        46,4MB        15.2.4.3

VLC media player 2.0.1        VideoLAN        26.03.2012                2.0.1

Windows Live Essentials        Microsoft Corporation        09.05.2011                15.4.3508.1109

WinRAR 4.10 (64-Bit)        win.rar GmbH        25.01.2012                4.10.0

WinTVR3                19.01.2012                3.00.0000

Xobni        Xobni Corp.        21.06.2011                1.9.5.13209

3. Schritt: CCleaner

Code:

Acronis*True*Image*Home        Acronis        24.02.2012        156,3MB        13.0.5055

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        10.03.2012        6,00MB        11.1.102.63

Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        16.04.2012        6,00MB        11.2.202.233

Ashampoo Burning Studio Elements 10.0.9        Ashampoo GmbH & Co. KG        22.01.2012        162,0MB        3.1.1

Atheros Driver Installation Program        Atheros        21.06.2011                9.2

Avira Free Antivirus        Avira        15.02.2012        108,9MB        12.0.0.898

Bing Bar        Microsoft Corporation        21.06.2011        24,4MB        7.0.610.0

Bluetooth Win7 Suite (64)        Atheros Communications        21.06.2011        59,5MB        7.2.0.60

CCleaner        Piriform        19.01.2012                3.14

Cisco EAP-FAST Module        Cisco Systems, Inc.        21.06.2011        1,55MB        2.2.14

Cisco LEAP Module        Cisco Systems, Inc.        21.06.2011        0,63MB        1.0.19

Cisco PEAP Module        Cisco Systems, Inc.        21.06.2011        1,24MB        1.1.6

CyberLink YouCam        CyberLink Corp.        21.06.2011        102,3MB        3.2.1.3726

DAEMON Tools Lite        DT Soft Ltd        25.01.2012                4.45.2.0287

Drv        My Company Name        19.01.2012                1.00.0000

Duden-Rechtschreibprüfung kompakt        Bibliographisches Institut GmbH        15.02.2012        577MB        8.0

Duden-Rechtschreibprüfung Upgrade Medizin        Bibliographisches Institut GmbH        01.03.2012        301MB        8.0

Energy Star Digital Logo        Hewlett-Packard        21.06.2011        0,29MB        1.0.1

Evernote v. 4.2.2        Evernote Corp.        08.05.2011        139,1MB        4.2.2.3979

Flowery Vale        PurpleHills        09.03.2012        16,1MB        1.00.0000

GIMP 2.6.8                15.02.2012                

HP Documentation        Hewlett-Packard        08.05.2011        304MB        1.1.0.0

HP Games        WildTangent        21.06.2011                1.0.2.4

HP On Screen Display        Hewlett-Packard Company        08.05.2011        1,43MB        1.0.7

HP Power Manager        Hewlett-Packard Company        21.06.2011        3,61MB        1.2.1

HP Quick Launch        Hewlett-Packard Company        01.03.2012        6,10MB        2.6.3

HP Setup        Hewlett-Packard Company        08.05.2011                8.5.4526.3645

HP Software Framework        Hewlett-Packard Company        18.02.2012        4,75MB        4.1.13.1

HP Support Assistant        Hewlett-Packard Company        08.02.2012        78,6MB        6.1.12.1

HP Wireless Assistant        Hewlett-Packard        08.05.2011        5,61MB        4.0.10.0

ICQ7.7        ICQ        23.01.2012                7.7

Intel(R) Control Center        Intel Corporation        22.06.2011                1.2.1.1007

Intel(R) Graphics Media Accelerator Driver        Intel Corporation        22.06.2011                8.15.10.2202

Intel(R) Management Engine Components        Intel Corporation        22.06.2011                6.0.0.1179

Intel(R) Rapid Storage Technology        Intel Corporation        22.06.2011                10.0.0.1046

Java(TM) 6 Update 31        Oracle        18.02.2012        95,1MB        6.0.310

Java(TM) 7 Update 2 (64-bit)        Oracle        25.01.2012        93,6MB        7.0.20

LyX 2.0.2-1        LyX Team        19.01.2012                2.0.2-1

MATLAB R2011a        The MathWorks, Inc.        25.01.2012                7.12

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        19.01.2012        38,8MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        19.01.2012        2,94MB        4.0.30319

Microsoft .NET Framework 4 Extended        Microsoft Corporation        08.02.2012        52,0MB        4.0.30319

Microsoft Office Enterprise 2007        Microsoft Corporation        14.04.2012                12.0.6612.1000

Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        08.05.2011        1,70MB        3.1.0000

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        14.04.2012        0,29MB        8.0.61001

Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        21.06.2011        0,61MB        8.0.61000

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        08.05.2011        0,77MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        21.06.2011        0,77MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        14.04.2012        0,77MB        9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        08.02.2012        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        21.06.2011        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        14.04.2012        0,59MB        9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        14.04.2012        13,8MB        10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        14.04.2012        12,3MB        10.0.40219

Microsoft_VC90_CRT_x86        Microsoft Corporation        08.05.2011        1,38MB        1.0.0

MiKTeX 2.9        MiKTeX.org        19.01.2012                2.9

Mozilla Firefox 11.0 (x86 de)        Mozilla        15.03.2012        36,4MB        11.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.01.2012        1,28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        21.01.2012        1,34MB        4.20.9876.0

Nuance Cloud Connector        Nuance Communications, Inc.        08.02.2012        24,7MB        3.2.713

Nuance OmniPage 18        Nuance Communications, Inc.        08.02.2012        614MB        18.1.0000

Nuance PDF Create 7        Nuance Communications, Inc        08.02.2012        186,1MB        7.10.2364

PDF Complete Special Edition        PDF Complete, Inc        21.06.2011                4.0.34

PDF-XChange Viewer        Tracker Software Products Ltd.        19.01.2012        64,3MB        2.5.200.0

Realtek Ethernet Controller Driver        Realtek        21.06.2011                7.42.304.2011

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        21.06.2011                6.0.1.6287

Realtek PCIE Card Reader        Realtek Semiconductor Corp.        21.06.2011                6.1.7600.77

Recuva        Piriform        26.04.2012                1.42

SecureW2 Personal Client - Distribution Edition 2.0.7 for Windows                25.01.2012                

Skype™ 5.8        Skype Technologies S.A.        20.04.2012        19,0MB        5.8.158

Software von National Instruments        National Instruments        31.01.2012                

Synaptics Pointing Device Driver        Synaptics Incorporated        21.06.2011        46,4MB        15.2.4.3

VLC media player 2.0.1        VideoLAN        26.03.2012                2.0.1

Windows Live Essentials        Microsoft Corporation        09.05.2011                15.4.3508.1109

WinRAR 4.10 (64-Bit)        win.rar GmbH        25.01.2012                4.10.0

WinTVR3                19.01.2012                3.00.0000

Xobni        Xobni Corp.        21.06.2011                1.9.5.13209

Viele Grüße

Hast Du Acronis, deine Daten werden gesichert? wäre auch eine Neuinstallation doch kein Problem, oder?

1.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

[2012.04.26 13:55:45 | 000,026,859 | ---- | M] () -- C:\Users\Juli\Documents\locked-Ostern.htm.xxto

[2012.04.26 13:50:05 | 000,007,602 | ---- | M] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

[2012.04.26 13:49:17 | 000,003,119 | ---- | M] () -- C:\Users\Juli\locked-.recently-used.xbel.nnhz

[2012.01.18 19:37:54 | 000,007,602 | ---- | C] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

:OTL

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10

IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O4 - HKCU..\Run: [OpAgent] "OpAgent.exe" /agent File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A303874F
 

:Files

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

Hallo,

ja, ich habe eine Datensicherung mit Acronis durchgeführt. Das Speichermedium ist eine externe Festplatte. Diese war zum Zeitpunkt der Infizierung am Laptop angeschlossen, d. h. alle Datein sind auch doch verschlüsselt. (Ja, ich weiß wie dumm, dass von mir gewesen ist.:stirn:) Die Recovery-Partion ist auch infiziert. Auch hier wurden Dateien verschlüsselt. Ich habe schon eine Anfrage an HP geschrieben wegen einer Recovery-CD.

Gestern konnte ich doch noch einige Dateien entschlüsseln, unter anderem die Backup-Dateien meines Laptops.

1.

locked-Ostern.htm -> ist ein Bild
locked-Resmon.ResmonCfg.zihr -> Konfiguration des Ressourcenmonitors
locked-.recently-used.xbel.nnhz -> enthält eine Liste der zuletzt geöffneten Datein

2.

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OpAgent deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

ADS C:\ProgramData\Temp:A303874F deleted successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Juli\Downloads\cmd.bat deleted successfully.

C:\Users\Juli\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Juli

->Temp folder emptied: 2949824 bytes

->Temporary Internet Files folder emptied: 82427778 bytes

->Java cache emptied: 210065 bytes

->FireFox cache emptied: 75647140 bytes

->Flash cache emptied: 1078 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 612637 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51738 bytes

RecycleBin emptied: 385301255 bytes

 

Total Files Cleaned = 522,00 mb

 

 

OTL by OldTimer - Version 3.2.42.1 log created on 04292012_090329
 

Files\Folders moved on Reboot...

C:\Users\Juli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

2.
OTL.txt
OTL Logfile:

Code:

OTL logfile created on: 29.04.2012 09:09:48 - Run 2

OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Juli\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 54,82% Memory free

7,60 Gb Paging File | 5,59 Gb Available in Paging File | 73,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,59 Gb Total Space | 372,34 Gb Free Space | 82,63% Space Free | Partition Type: NTFS

Drive D: | 14,87 Gb Total Space | 0,00 Gb Free Space | 0,03% Space Free | Partition Type: NTFS

Drive G: | 99,02 Mb Total Space | 82,64 Mb Free Space | 83,46% Space Free | Partition Type: FAT32

 

Computer Name: JULI-PC | User Name: Juli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.28 11:38:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Juli\Downloads\OTL.exe

PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.02.25 15:15:06 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2012.02.15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.07.27 04:19:58 | 002,586,480 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe

PRC - [2011.07.26 15:05:30 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

PRC - [2011.07.04 11:39:48 | 000,332,432 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe

PRC - [2011.07.01 12:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe

PRC - [2011.06.28 09:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe

PRC - [2011.03.01 15:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.02.09 17:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.07.23 21:43:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.07.23 21:43:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.05.21 14:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2009.06.23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

PRC - [2009.06.18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2009.06.18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe

PRC - [2009.06.18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe

PRC - [2009.06.15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

PRC - [2009.06.04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe

PRC - [2008.08.20 18:31:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Schedule.exe

PRC - [2006.11.24 05:48:34 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Remote.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.04.17 11:14:19 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll

MOD - [2012.04.17 11:13:42 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll

MOD - [2012.04.17 08:54:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

MOD - [2012.04.17 08:53:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012.04.17 08:53:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012.04.17 08:49:39 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

MOD - [2012.02.17 11:30:53 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll

MOD - [2012.02.16 15:26:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.16 15:25:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.16 15:25:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.16 15:25:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.16 15:25:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012.02.16 15:24:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.07.26 11:15:52 | 000,251,760 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll

MOD - [2011.07.26 11:13:48 | 000,153,456 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_GER.dll

MOD - [2011.07.26 11:13:14 | 000,015,216 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll

MOD - [2011.07.26 11:13:10 | 000,079,728 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll

MOD - [2011.07.26 11:13:00 | 000,292,720 | ---- | M] () -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll

MOD - [2011.07.01 12:37:40 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll

MOD - [2011.05.09 22:11:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.08.20 18:31:12 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Schedule.exe

MOD - [2007.01.19 01:51:06 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\RmCard.dll

MOD - [2006.11.24 05:48:34 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\WinTVR3\Remote.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.17 08:49:39 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.02.25 15:15:06 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.07.26 15:05:30 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)

SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.03.01 15:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011.03.01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011.02.25 02:08:46 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)

SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)

SRV - [2011.02.01 01:42:40 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010.12.28 02:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.07.23 21:43:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.07.23 21:43:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2009.09.12 19:10:04 | 000,891,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.06.23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2009.06.23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2009.06.18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2009.06.18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)

SRV - [2009.06.18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)

SRV - [2009.06.15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.06.04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)

SRV - [2009.06.03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)

SRV - [2008.10.31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.25 15:15:07 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2012.02.25 15:15:05 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV:64bit: - [2012.02.25 15:15:03 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2012.02.25 15:14:56 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2012.02.16 11:08:07 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.01.26 14:21:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.05 09:16:20 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011.03.01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011.03.01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011.03.01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011.03.01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011.02.22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011.02.15 21:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011.02.09 17:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010.12.21 02:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.08.30 14:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.08.20 04:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)

DRV:64bit: - [2010.08.20 04:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)

DRV:64bit: - [2009.09.17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKLM\..\SearchScopes,DefaultScope = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.29 08:42:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.19 19:46:11 | 000,000,000 | ---D | M]

 

[2012.01.20 15:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juli\AppData\Roaming\mozilla\Extensions

[2012.04.28 16:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juli\AppData\Roaming\mozilla\Firefox\Profiles\kuer6x2c.default\extensions

[2012.04.29 08:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.19 19:46:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2007.02.08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll

[2009.06.23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll

[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)

O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Schedule] C:\Program Files (x86)\WinTVR3\Schedule.exe ()

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [TVPro Control] C:\Program Files (x86)\WinTVR3\Remote.exe ()

O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209C02EF-8992-403E-9A34-141D300BB78E}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF544BAF-39B9-4BAA-AB51-1A63E7D31658}: DhcpNameServer = 141.24.53.248 141.24.53.227

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.29 09:03:29 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.04.28 16:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.04.28 15:04:47 | 000,000,000 | ---D | C] -- C:\Users\Juli\Entschlüsselungsschlüssel

[2012.04.28 11:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012.04.28 11:55:42 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.04.28 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\Juli\Documents\Avira-RansomFileUnlocker

[2012.04.27 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\Juli\DoctorWeb

[2012.04.27 11:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva

[2012.04.27 11:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012.04.26 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.26 14:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.04.21 14:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.04.21 14:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.04.15 11:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012.04.15 10:50:56 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Roaming\skypePM

[2012.04.14 10:32:51 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Local\{70840C0F-8D17-4A94-A734-6525C00EB8B8}

[2012.04.12 16:38:35 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.04.12 16:38:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.04.12 16:38:34 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.04.12 16:38:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.04.12 16:38:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.04.12 16:38:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.04.12 16:38:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.04.12 16:38:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.04.12 16:38:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.04.12 16:38:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.04.12 16:38:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.04.12 16:38:11 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012.04.12 16:38:10 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012.04.12 16:38:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012.04.11 21:42:39 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012.04.11 21:42:39 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012.04.11 21:42:37 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012.04.02 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\Juli\AppData\Roaming\dvdcss

[2012.04.01 09:00:34 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.29 09:12:56 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.29 09:12:56 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.29 09:06:02 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012.04.29 09:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.29 09:04:55 | 3062,251,520 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.29 08:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.29 08:42:46 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.28 16:35:14 | 000,007,602 | ---- | M] () -- C:\Users\Juli\AppData\Local\Resmon.ResmonCfg

[2012.04.28 16:25:16 | 000,026,859 | ---- | M] () -- C:\Users\Juli\Documents\Ostern.htm

[2012.04.28 15:06:10 | 000,003,119 | ---- | M] () -- C:\Users\Juli\.recently-used.xbel

[2012.04.28 14:56:23 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.04.28 14:56:23 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.04.28 14:56:23 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.04.28 14:56:23 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.04.28 14:56:23 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.04.28 12:10:42 | 000,004,324 | ---- | M] () -- C:\Users\Juli\Desktop\rating_what_otl.htm

[2012.04.28 12:09:06 | 000,004,324 | ---- | M] () -- C:\Users\Juli\Desktop\rating_what_extra.htm

[2012.04.28 11:55:42 | 000,002,971 | ---- | M] () -- C:\Users\Juli\Desktop\HiJackThis.lnk

[2012.04.28 10:32:01 | 000,003,264 | ---- | M] () -- C:\Users\Juli\Desktop\Attach.zip

[2012.04.28 10:15:13 | 000,000,188 | ---- | M] () -- C:\Users\Juli\defogger_reenable

[2012.04.28 09:21:18 | 000,004,063 | ---- | M] () -- C:\Users\Juli\Documents\DrWeb.csv

[2012.04.27 06:59:35 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJuli.job

[2012.04.26 21:07:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJULI-PC$.job

[2012.04.26 13:55:45 | 000,026,859 | ---- | M] () -- C:\Users\Juli\Documents\locked-Ostern.htm.xxto

[2012.04.26 13:50:05 | 000,007,602 | ---- | M] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

[2012.04.26 13:49:17 | 000,003,119 | ---- | M] () -- C:\Users\Juli\locked-.recently-used.xbel.nnhz

[2012.04.17 08:49:39 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.04.17 08:49:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.15 12:06:55 | 000,444,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.04.15 10:50:59 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.04.29 08:42:46 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.28 16:35:14 | 000,007,602 | ---- | C] () -- C:\Users\Juli\AppData\Local\Resmon.ResmonCfg

[2012.04.28 16:25:16 | 000,026,859 | ---- | C] () -- C:\Users\Juli\Documents\Ostern.htm

[2012.04.28 15:06:10 | 000,003,119 | ---- | C] () -- C:\Users\Juli\.recently-used.xbel

[2012.04.28 12:10:42 | 000,004,324 | ---- | C] () -- C:\Users\Juli\Desktop\rating_what_otl.htm

[2012.04.28 12:09:06 | 000,004,324 | ---- | C] () -- C:\Users\Juli\Desktop\rating_what_extra.htm

[2012.04.28 11:55:42 | 000,002,971 | ---- | C] () -- C:\Users\Juli\Desktop\HiJackThis.lnk

[2012.04.28 10:32:01 | 000,003,264 | ---- | C] () -- C:\Users\Juli\Desktop\Attach.zip

[2012.04.28 10:15:13 | 000,000,188 | ---- | C] () -- C:\Users\Juli\defogger_reenable

[2012.04.28 09:21:17 | 000,004,063 | ---- | C] () -- C:\Users\Juli\Documents\DrWeb.csv

[2012.04.15 10:50:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012.04.01 09:00:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.02.09 11:36:21 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2012.02.09 11:24:42 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.01.20 15:05:41 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2012.01.20 15:05:41 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

[2012.01.20 15:05:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\GTWST.dll

[2012.01.20 15:05:39 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2012.01.18 19:37:54 | 000,007,602 | ---- | C] () -- C:\Users\Juli\AppData\Local\locked-Resmon.ResmonCfg.zihr

[2011.08.31 20:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011.08.31 20:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011.08.31 20:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.05.09 12:47:27 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

[2010.12.21 02:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

 
 ========== LOP Check ==========

 

[2012.02.25 15:21:08 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Acronis

[2012.01.23 18:12:39 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Ashampoo

[2012.02.29 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\DAEMON Tools Lite

[2012.04.27 03:02:49 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Duden

[2012.02.21 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\gtk-2.0

[2012.04.28 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\ICQ

[2012.01.26 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\IrfanView

[2012.04.28 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\JabRef 2.7.2

[2012.04.28 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\LyX2.0

[2012.01.24 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Namco

[2012.02.09 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Nuance

[2012.01.22 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\OpenOffice.org

[2012.02.02 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\PlayFirst

[2012.01.26 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Playrix Entertainment

[2012.01.18 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Synaptics

[2012.04.27 03:03:08 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\WildTangentv1001

[2012.02.09 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Juli\AppData\Roaming\Zeon

[2012.03.10 17:07:09 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:A303874F
 

< End of report >

--- --- ---

Hallo,

hier ist der zweite Teil:

2.
Extra.txt

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 29.04.2012 09:09:48 - Run 2

OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Juli\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 54,82% Memory free

7,60 Gb Paging File | 5,59 Gb Available in Paging File | 73,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,59 Gb Total Space | 372,34 Gb Free Space | 82,63% Space Free | Partition Type: NTFS

Drive D: | 14,87 Gb Total Space | 0,00 Gb Free Space | 0,03% Space Free | Partition Type: NTFS

Drive G: | 99,02 Mb Total Space | 82,64 Mb Free Space | 83,46% Space Free | Partition Type: FAT32

 

Computer Name: JULI-PC | User Name: Juli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0707F2C5-096E-4142-A0C0-5F6BCAA7A4F8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{1EAEB2E4-E191-4F39-8D64-D806F09BDA9F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{2602526C-36B4-4E09-8549-E91C50091BBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{265DC059-95BE-4A0C-955B-CCC48DE3277C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3636B118-9B77-4682-9685-92CDC6F29749}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{36BD535F-850F-48EB-9E5E-46FC9D4DAEA5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4B61796C-00B4-4B29-B29C-A0E7017046B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{5EC5154E-4C34-44F4-91C3-EF570CA26464}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{6CC50EF5-0581-4680-988A-68D51095167E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{72E12BB1-1E3A-4F1B-B7E8-7D86E641BCDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{76C4CEDC-CDBB-4D5F-82EF-89E71F4DAB08}" = lport=138 | protocol=17 | dir=in | app=system | 

"{8224C269-4F94-4428-A162-E68B2592F2C1}" = lport=137 | protocol=17 | dir=in | app=system | 

"{8349CE5C-C793-49F7-A076-BB65D259A166}" = rport=139 | protocol=6 | dir=out | app=system | 

"{886A6A74-9410-420F-BC39-0F017656AEE0}" = rport=137 | protocol=17 | dir=out | app=system | 

"{9B209358-8B0B-4242-B162-1A5F35009EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{AA38CE8F-1884-41C9-8840-45594F6D5424}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 

"{AD5194C9-F24B-4FA0-A53C-0FC48979BC4B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{AF666595-52B4-4C07-949A-3F0BCC00DC44}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 

"{B5A16FC2-75F2-4EA0-8D1E-870F64E2DB19}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{B6C20D4B-1943-40B8-BF57-7AF798937714}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{BEE92E1F-EF88-4E97-BA65-F2918CCDC840}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C2887135-D2B6-4212-B536-E91D30E1F702}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{CB1C5778-EFFA-4EF4-847E-760B38E8674A}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D3AA9CEC-DA46-428D-A599-92A7CA703190}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{D5BBFB25-7513-4B5F-BFBB-A4EF1A083092}" = rport=138 | protocol=17 | dir=out | app=system | 

"{D8258FB6-75E4-4941-B9C4-70DD4BD493B0}" = rport=445 | protocol=6 | dir=out | app=system | 

"{DEAB340E-B6CB-451E-98D8-0B54A98F6766}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{E2A13C42-D292-491E-AF80-327EBFA33AFC}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E936B3C9-234E-442B-B175-B4787264A7A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E967ADE4-238B-453D-B741-BF52C8E0042F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{FCFA57A7-007E-4707-B76E-555B348E2E46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{FE8DDD9C-C6AD-4A7B-A9BD-85D10412F217}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0131B156-BACB-45EF-8A43-37B88C3079AA}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe | 

"{043BBA18-2876-4F2E-AC13-9416EBC49056}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{071D16D0-7D56-471A-9CCD-70B798778FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{0C704A80-9840-4091-A598-4B984ADF149D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{11C5CA97-7A46-4509-A49D-27D0781935FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{137D919A-89BC-4426-AB81-63173AF53D33}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{143CE156-9C18-4F6A-BC0F-2144D9A04DE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{1A483379-C1D7-4626-A997-C28657C3F616}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{2BB1D4D1-55B0-4416-B116-F832F593D3E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{2C9BBF42-12DD-457B-95A3-4729225E0B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{2F4DD5CA-F658-4BB4-B89F-E44EBFD16ADD}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe | 

"{32B24052-A71D-4ACF-94B2-F99A8C1B4C80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{3433EE09-21EB-4565-AF87-E20B55434C31}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{36513FBF-AD0F-4721-9340-B1E7A895C327}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{3C2405D9-4E76-4047-90E0-7AF321F85376}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{3DCC94FA-D847-454F-9368-9E357D45A0B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{3F808380-898B-431E-B4AD-04E1AFFE6E90}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{44193738-F14E-46E4-BB76-1E64320275A5}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe | 

"{461494B4-132D-47FA-BC60-CF26BF061080}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{467961E2-6111-4C36-8B08-54BB5A81FBBD}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe | 

"{4ECECA61-2601-4438-A49B-B3AD1EB65CEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{51812DAD-2915-4EC4-82B6-08C5D554B248}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{54803856-C9D1-47F3-BB41-DA7D38A1D58C}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe | 

"{5F3BFBA3-D5AA-44E1-94E0-C8E217159932}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{68578E08-515F-4F65-B446-1DCD5AAE5358}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{717C284B-1606-4BC0-9C8D-C8EB5F0D0FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe | 

"{7B84B922-A546-4C49-9841-F80796BD6855}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{7F62E07B-82B6-4307-AE19-E3A6D16D3A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{813DF271-2389-4D88-B9FD-543C2C2F6348}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{84159180-68F1-4A6B-9772-C778957109A9}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe | 

"{8A6EA5B5-D4F1-44A6-A7F7-E9BC4D2FCADB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{8F4C0D73-05BA-4D07-B82E-F05DF8776805}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{9636873B-93B4-4884-978C-F6D058F9B5F1}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe | 

"{9C6CFE27-B303-45DB-BB50-FC903165FE16}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{9E30691B-6A72-4BD8-87E0-92FCF465A7B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A0309ABD-1784-4159-9C23-8F059C9B73BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A21BB7BE-1A70-49C2-8C2F-C437A986150B}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe | 

"{A4EBE22A-EFA5-4165-9ADE-1947667B6C39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AB8629E0-F0EB-41BB-8214-CC0DE7731FF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{ABBEE9C1-88B2-478C-AD5C-0AC1DCB009EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{AFB85C03-8F50-4030-AF53-FF189B0CBF78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B82AF000-020F-4F2C-AB0C-75F5925E2C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe | 

"{C152D3BB-3E15-4059-A707-B19D9C6D58DC}" = protocol=6 | dir=out | app=system | 

"{C299A6B2-4C25-4375-A74B-69FA5727339B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{C429B94B-F2E7-4D9E-A39A-0140D0E85D39}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 

"{C477EFA1-1F5C-40AB-B550-342E1C469C0E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{C7AA806D-ED0E-4210-8519-0372956D1FB1}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe | 

"{C8D1098A-5DCE-46E1-A35D-E3FB58DAFDD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CC449C00-BE9D-4482-846B-6B10AA533EBD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{D65A7A81-D6A1-48F4-9CF7-6D1EDCB64687}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{D757014A-8A1D-4480-AF2D-FB355C336525}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{DDFF503D-70B9-40A9-84F7-8485E9A79F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{E18097D9-D24C-4680-A91E-CA3C096380CA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E18F03B9-57D8-417C-8C87-C1C49EEB36E7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{E541D918-7E32-4383-9B1F-6840491249D8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{E80DE3BC-3B49-450F-895F-6F4D92C3EDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe | 

"{EA321173-F8DB-4991-94DF-6663F0FB6D6C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{FBCF5527-3F48-455F-B011-DF8950953CDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{067A32A4-7E21-4BAA-95ED-9665BCE035F5}" = NI-RPC 4.1.1f0 for 64 Bit Windows

"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit

"{0CADBEE0-59CA-4382-9A67-BA5CB07B6EFC}" = NI Xerces Delay Load 2.7.1 64-bit

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{153DC15F-C59E-4603-BF81-00CEA1116DCA}" = NI LabVIEW Broker (64 bit)

"{174443DD-EF03-41F8-A66D-987EBBBC1517}" = NI System State Publisher (64-bit)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{62208237-D078-4D28-84FA-D1812FF6C940}" = NI Assistant Framework 64-bit

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{79E44BF5-C355-4A5D-8F9F-25F53ACF794E}" = NI VC2008MSMs x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9328624D-0388-4F5B-98AB-9FBC5559F8E9}" = NI TDMS (64-bit)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{999A9B8E-4E5C-4DF0-9E9C-FEC1E12190B4}" = NI MAX Support for 64 Bit Windows

"{99FA9ED4-21E6-47E0-B986-F8D0998E453A}" = NI System API Windows 64-bit

"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant

"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support

"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D0F9AD6F-2C2A-44A8-8961-F21B5356E050}" = NI Logos64 XT Support

"{D4F0D273-9967-4BD8-B85F-FA03C2504475}" = NI DataSocket 4.7.0 (64-bit)

"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)

"{DA7916C4-07D8-45D3-9EE7-BE24811554EB}" = NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0

"{E68686D1-A5BB-467A-8DE7-A01166722607}" = NI VC2005MSMs x64

"{EC90795D-968C-4BCA-B958-27B111F3B3F6}" = NI Logos64 5.1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FB96D69B-1731-4312-8D92-5768478A0539}" = NI SSL Support (64-bit)

"{FE096FC3-47A3-4555-AF67-1B49BF9DE0B3}" = NI Portable Configuration Help for 64 Bit Windows 4.6.0

"{FF4E0155-F956-4895-9D0A-C3754456C1BE}" = NI MXS 4.6.0 for 64 Bit Windows

"{FFFA9DD7-58D7-464B-BD5B-7224BFC4B039}" = NI Variable Engine (64-bit)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"MatlabR2011a" = MATLAB R2011a

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Recuva" = Recuva

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 2.0.1

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinRAR archiver" = WinRAR 4.10 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup

"{04B552B1-4EC5-4F1B-9F02-FD3DF5A71184}" = NI Assistant Framework

"{04D66B46-4349-407C-9297-9B43648E4C84}" = NI LabVIEW Run-Time Engine Interop 2009

"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create

"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1

"{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1

"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1

"{0FF78186-41DE-4C50-8C93-EF794068E600}" = NI LabVIEW 2009 Examples

"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0

"{1AC600E0-EACF-4FAA-9477-3CE8CE711E19}" = NI LabVIEW 2009 Help

"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support

"{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBC283A-8B22-48FA-9DFA-6C65E34455FA}" = NI LabVIEW Real-Time NBFifo

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License

"{25FD6E1F-D73B-44EB-B840-261FF41CFAC5}" = NI Variable Engine LabVIEW 2009 Support

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{278AF4F9-DC1C-49DC-B871-C0BAEBD4F458}" = NI License Manager

"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog

"{2A98DB42-3743-4022-ADFA-42AE811484AE}" = NI EULA Depot

"{2AD5E818-E2EE-4BBF-A2BF-29022C6FC236}" = NI Assistant Framework LabVIEW 2009 Support

"{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation

"{2D72E0EC-D695-4BFB-A246-F07BAAA91AA1}" = NI Remote Provider for MAX 4.6.0

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{2FF17A1B-00A8-4A18-A0D7-6BF2D1510F38}" = NI LabVIEW 2009 Templates

"{30F064A1-6933-4027-BD62-B7BEB1F84711}" = NI LabVIEW 2009 VI.lib

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{39BA78A5-5F6C-47E8-98DC-F4398A541273}" = NI LabVIEW 2009 Manuals

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0

"{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0

"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor

"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML

"{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D581C40-11D0-476B-A943-76506924B722}" = NI-DSM 2009

"{4E049CBB-01EE-4859-B4C8-26E42263CEE4}" = NI LabVIEW Run-Time Engine 2009

"{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS

"{560C6F9C-8D5E-4EAF-B408-98850E5DF49C}" = Nuance OmniPage 18

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0

"{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009

"{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT

"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1

"{5ACAF333-CED0-4652-B73C-8F63C65B0376}" = NI LabVIEW 2009 Instr.lib

"{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework

"{76BB417B-2707-4450-9101-B593CA88C242}" = WinTVR3

"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7

"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine

"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1

"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime

"{7E7A035C-9DC5-40B0-B873-002B14CCE3B8}" = NI-RPC 4.1.1f0

"{82B8F87D-C75E-4270-B030-49ECDAFF1B53}" = NI MAX Remote Configuration Installer 4.6

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher

"{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime

"{8A1369C7-A314-465C-8C96-040A427CBC85}" = NI LabVIEW 2009 Project

"{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server

"{8B43117B-7D68-45D4-8774-32F0B10535B4}" = NI LabVIEW 2009 Deutsch

"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation

"{90ABA0A4-9393-4A17-AB0E-534CE40FB9AF}" = NI LabVIEW 2009 CINtools

"{92769F9C-453B-40C9-B129-6E8E52586C8E}" = NI LabVIEW Broker

"{927C1DDA-61DC-4B95-A138-8A1377E33A9A}" = NI Portable Configuration 4.6.0

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93B8921B-2AC6-4A58-A87C-19B633DB6860}" = NI Software Provider for MAX 4.6.0

"{96094CE5-7920-47FD-8A02-68A7B5B1785F}" = NI System API Windows 32-bit

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support

"{A34D1ADB-6E94-4F42-9D8E-BA2A94C6AAB2}" = NI LabVIEW 2009 gMath

"{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries

"{AE9AA575-DE74-4711-B3B3-2977D76CC1BB}" = NI TDMS

"{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW

"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework

"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B235F589-9FE7-4A9B-9C4E-AE63D9D254D5}" = Flowery Vale

"{B4285CA3-3EA6-43AD-BD87-DBF842581AB2}" = NI LabVIEW 2009 WWW

"{B5BD3DA8-1A63-4042-90FA-B26C361382C9}" = NI Remote PXI Provider for MAX 4.6.0

"{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0

"{B963C648-249B-4145-BC14-56488262E9A9}" = NI MDF Support

"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager

"{BA0C85C1-E5CC-4F58-84FB-8DA29F3412F0}" = NI Uninstaller

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C069B072-651F-4CB1-A3F0-0048F9D07B30}" = Duden-Rechtschreibprüfung kompakt

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager

"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32

"{CF56ABC6-088C-4CC5-A379-5CD72CCF4C45}" = Duden-Rechtschreibprüfung Upgrade Medizin

"{D1032C80-FBB6-450B-8C79-B7F9A64DFFEF}" = NI Logos LabVIEW 2009 Support

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D69E0672-CDB3-4F3D-BE65-9CDB6803F60E}" = NI LabVIEW 2009 Applibs

"{D72AB2C1-D24D-4F17-B3DB-AF51223F293E}" = NI SSL Support

"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard

"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv

"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries

"{DE7C1B86-27EF-4D02-886E-17CC3458034B}" = Nuance Cloud Connector

"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface

"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI

"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E538C96B-606E-47E3-84D5-62BE82A69E39}" = NI LabVIEW 2009 Resource

"{EBC6DA72-25C9-45E1-9CE4-7EEBC6440538}" = NI LabVIEW 2009 User.lib

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F723A248-6AAC-4514-AFFB-7414BE02D95B}" = NI LabWindows/CVI 9.0 Run-Time Engine

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2

"{F827F574-36ED-4D97-820A-AD6F74E02D0D}" = NI MXS 4.6.0

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F8D407B1-B9A0-4128-8E79-17A6F9433F6C}" = NI Measurement & Automation Explorer 4.6.0

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FB84287D-6425-4867-89AE-6221FCDE2976}" = NI LabWindows/CVI Code Generator

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine

"{FF06AE31-83AF-4277-A719-E697C310D95C}" = NI LabVIEW 2009 Menus

"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9

"Avira AntiVir Desktop" = Avira Free Antivirus

"DAEMON Tools Lite" = DAEMON Tools Lite

"ENTERPRISE" = Microsoft Office Enterprise 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"LyX20" = LyX 2.0.2-1

"MiKTeX 2.9" = MiKTeX 2.9

"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NI Uninstaller" = Software von National Instruments

"PDF Complete" = PDF Complete Special Edition

"SecureW2 Personal Client - Distribution Edition" = SecureW2 Personal Client - Distribution Edition 2.0.7 for Windows

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WT087330" = Bounce Symphony

"WT087361" = FATE

"WT087393" = Mah Jong Medley

"WT087394" = Penguins!

"WT087396" = Polar Bowler

"WT087490" = Jewel Quest Solitaire

"WT087510" = Slingo Deluxe

"WT087513" = Virtual Villagers - The Secret City

"WT087519" = Wedding Dash

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"WT089453" = Bejeweled 2 Deluxe

"WT089454" = Chuzzle Deluxe

"WT089455" = Zuma Deluxe

"WT089458" = Plants vs. Zombies - Game of the Year

"WT089460" = Mystery P.I. - The London Caper

"WT089484" = Namco All-Stars PAC-MAN

"WT089492" = Crazy Chicken Kart 2

"WT089493" = Fishdom

"WT089497" = Big Rig Europe

"XobniMain" = Xobni

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21.04.2012 07:11:58 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.04.2012 13:47:17 | Computer Name = Juli-PC | Source = SideBySide | ID = 16842761

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest-

 oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest"

 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.

 

Error - 22.04.2012 06:03:29 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.04.2012 02:32:03 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.04.2012 10:43:03 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.04.2012 13:54:56 | Computer Name = Juli-PC | Source = SideBySide | ID = 16842761

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest-

 oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest"

 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.

 

Error - 24.04.2012 02:47:30 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.04.2012 14:48:01 | Computer Name = Juli-PC | Source = SideBySide | ID = 16842761

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest-

 oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest"

 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.

 

Error - 25.04.2012 06:42:32 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.04.2012 09:49:09 | Computer Name = Juli-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Hewlett-Packard Events ]

Error - 02.02.2012 07:01:15 | Computer Name = Juli-PC | Source = Hewlett-Packard | ID = 0

Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021202120112.xml

 File not created by asset agent

 

[ HP Software Framework Events ]

Error - 22.03.2012 11:30:40 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.03.22 16:30:40.728|000013F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 22.03.2012 11:32:07 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.03.22 16:32:07.553|0000041C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 22.03.2012 11:32:10 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.03.22 16:32:10.332|0000157C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 29.03.2012 10:45:36 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.03.29 16:45:36.043|00000238|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 05.04.2012 10:48:38 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.05 16:48:38.362|000004B4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 09.04.2012 10:51:05 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.09 16:51:05.434|00000A80|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 09.04.2012 10:54:40 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.09 16:54:40.642|00001B8C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 19.04.2012 12:22:54 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.19 18:22:54.994|00001750|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 19.04.2012 12:23:56 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.19 18:23:56.813|00001884|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 26.04.2012 13:18:34 | Computer Name = Juli-PC | Source = CaslWmi | ID = 5

Description = 2012.04.26 19:18:34.118|00001130|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

[ HP Wireless Assistant Events ]

Error - 18.01.2012 12:57:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 12:57:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 12:58:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 12:58:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 12:59:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 12:59:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 13:00:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 13:00:13 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 13:01:40 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 18.01.2012 13:01:47 | Computer Name = Juli-PC | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

[ System Events ]

Error - 26.04.2012 10:43:47 | Computer Name = Juli-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 26.04.2012 10:43:47 | Computer Name = Juli-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 26.04.2012 10:43:47 | Computer Name = Juli-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 26.04.2012 11:05:23 | Computer Name = Juli-PC | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 26.04.2012 13:09:59 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

Error - 26.04.2012 13:10:16 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

Error - 26.04.2012 13:10:31 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

Error - 26.04.2012 13:26:25 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

Error - 26.04.2012 13:26:42 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

Error - 26.04.2012 13:26:57 | Computer Name = Juli-PC | Source = cdrom | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

 

 

< End of report >

--- --- ---

3.

Ergebnis von Avast

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-29 09:23:33

-----------------------------

09:23:33.744    OS Version: Windows x64 6.1.7601 Service Pack 1

09:23:33.744    Number of processors: 2 586 0x2505

09:23:33.745    ComputerName: JULI-PC  UserName: Juli

09:23:34.923    Initialize success

09:27:38.787    AVAST engine defs: 12042900

09:28:18.490    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:28:18.494    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

09:28:18.513    Disk 0 MBR read successfully

09:28:18.518    Disk 0 MBR scan

09:28:18.528    Disk 0 Windows 7 default MBR code

09:28:18.534    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048

09:28:18.557    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       461405 MB offset 409600

09:28:18.596    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15230 MB offset 945369088

09:28:18.625    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128

09:28:18.690    Disk 0 scanning C:\Windows\system32\drivers

09:28:30.832    Service scanning

09:29:00.324    Modules scanning

09:29:00.339    Disk 0 trace - called modules:

09:29:00.365    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

09:29:00.371    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006367060]

09:29:00.377    3 CLASSPNP.SYS[fffff8800168c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800492d050]

09:29:02.453    AVAST engine scan C:\Windows

09:29:05.241    AVAST engine scan C:\Windows\system32

09:32:37.436    AVAST engine scan C:\Windows\system32\drivers

09:32:54.014    AVAST engine scan C:\Users\Juli

09:35:29.292    Disk 0 MBR has been saved successfully to "C:\Users\Juli\Desktop\MBR.dat"

09:35:29.293    The log file has been saved successfully to "C:\Users\Juli\Desktop\aswMBR.txt"

09:38:52.000    File: C:\Users\Juli\Downloads\OTL.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

09:39:27.524    AVAST engine scan C:\ProgramData

09:40:50.548    Scan finished successfully

09:42:11.147    Disk 0 MBR has been saved successfully to "C:\Users\Juli\Desktop\MBR.dat"

09:42:11.153    The log file has been saved successfully to "C:\Users\Juli\Desktop\aswMBR1.txt"

Viele Grüße
juzi

versuche mal zunächst, deinen Rechner komplett vom Netz/Internet trennen und so das Tool zur Entschlüsselung ausführen...kannst damit weiterhin noch Dateien/Ordner entschlüsseln, oder bringt dieses Vorgehen (auch) nichts?

Zitat:

Zitat von juzi (Beitrag 821513)

Die Recovery-Partion ist auch infiziert. Auch hier wurden Dateien verschlüsselt. Ich habe schon eine Anfrage an HP geschrieben wegen einer Recovery-CD.

was passiert, wenn Du mit dem vorinstallierten Programm "HP Backup and Recovery Manager" startest?
-> http://h10025.www1.hp.com/ewfrf/wc/d...e&dlc=de&cc=de

Hallo,

wenn ich das richtig gesehen habe, konnte ich jetzt alle Dateien entschlüsseln. Ich habe auch die Recovery-Partion entschlüsseln lassen. Der Recovery-Manager lässt sich starten, genau wie auf dieser Seite hxxp://h10025.www1.hp.com/ewfrf/wc/document?docname=c01926029&lc=de&cc=de&dlc=de beschrieben.

Unter anderem Stand folgenden Satz auf der Internetseite:
"Das Notebook ist von einem Virus oder vergleichbarer Malware betroffen, der bzw. die sich nicht mit Antivirensoftware entfernen lässt."

Auf meinem Laptop ist der Trojaner doch entfernt, muss ich trotzdem den Laptop neu Aufsetzen und könnte es Problem wegen der infizierten Recovery-Partion geben? Ich hoffe von HP nächste Woche eine Antwort wegen der Recovery-CD zu bekommen. Leider habe ich jetzt gelesen, wie ich die Recovery-Partion auf DVD hätte brenne können.

Viele Grüße

Juzi

Zitat:

Zitat von juzi (Beitrag 821558)

Unter anderem Stand folgenden Satz auf der Internetseite:
"Das Notebook ist von einem Virus oder vergleichbarer Malware betroffen, der bzw. die sich nicht mit Antivirensoftware entfernen lässt."

wo denn genau hast Du gelesen? welche Seite?

Zitat:

Auf meinem Laptop ist der Trojaner doch entfernt, muss ich trotzdem den Laptop neu Aufsetzen

auf jeden Fall, das System ist nicht mehr vertrauenswürdig!

Zitat:

und könnte es Problem wegen der infizierten Recovery-Partion geben?

ich glaube eher nicht, aber wir haben im Moment noch sehr wenig bis 0 Erfahrung mit diese neu entdeckte Malware. Aber kannst machen, vlt bekommst ja auch dann ein Win CD von HP

Hallo kira,

Zitat:

wo denn genau hast Du gelesen? welche Seite?

Dieses Zitat steht auf der Seite hxxp://h10025.www1.hp.com/ewfrf/wc/document?docname=c01926029&lc=de&cc=de&dlc=de gleich nach dem Absatz "Informationen zum HP Recovery Manager".

Was genau konntest du aus den Daten lesen, welche ich Dir zugeschickt habe? (Text-Files)

Viele Grüße
juzi

1.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

4.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

5.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

dann schaue mir das nochmal an und kann ich dazu mehr sagen, wie es mit dein System momentan aussieht

Hallo kira,

ich habe meinen Laptop und die externe Festplatte mit dem Windows Unlocker-Anwendung und Rescue Disk 10 von Kaspersky gescannt und es wurde keine Bedrohungen gefunden. Reicht das nicht aus?

Viele Grüße

Juzi

Zitat:

Zitat von juzi (Beitrag 821987)

Ich fühle mich gleich so überflüssig.. :rolleyes:
schade dass Du die von mir empfohlenen Einführungstext nicht gelesen hast!:

Zitat:

Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.

Zitat:

Zitat von juzi (Beitrag 821987)

Reicht das nicht aus?

Wenn du nun eine bessere Methode gefunden hast vorhandene Malware zu beseitigen, als meine, dann mir reicht so sicherlich aus!

Hallo Kira,

recht herzlichen Danke für Deine Hilfe und Deine Unterstützung!

Ich habe eine Menge gelernt in den letzten Tagen. Ich weiß, ich hätte nicht auf eigene Faust handeln soll. Tut mir leid!

Liebe Grüße

juzi

wenn Du um Nummer sicher gehen willst, arbeite die Schritte noch vollständig von hier ab:-> http://www.trojaner-board.de/114259-windows-verschluesselungs-trojaner-originaldatei-groesser-verschluesselte-datei.html#post822029