|  | 
| 
 | |||||||
| Log-Analyse und Auswertung: Achtung! Aus sicherheitsgründen wurde ihr windowssystem blockiert...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. | 
|  | 
|  | 
|  17.01.2012, 21:54 | #1 | 
|  |   Achtung! Aus sicherheitsgründen wurde ihr windowssystem blockiert... Hallo, auch ich habe wie viele andere das problem mit dem schwarzem hintergrund und der anzeige mit dem knopf bezahlen und herunterladen. Hab mich hier schon ein wenig erkundigt und hab mit OTL einen scan durchgeführt. Ich hoffe das ich hier hilfe bekommen kann. OTL Logfile Code: 
  ATTFilter OTL logfile created on: 2012-01-17 21:34:17 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\Kimberly\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 0000041D | Country: Schweden | Language: SVE | Date Format: yyyy-MM-dd 3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,40% Memory free 8,11 Gb Paging File | 6,28 Gb Available in Paging File | 77,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,07 Gb Total Space | 87,17 Gb Free Space | 30,47% Space Free | Partition Type: NTFS Drive D: | 12,02 Gb Total Space | 1,91 Gb Free Space | 15,92% Space Free | Partition Type: NTFS Computer Name: KIMBERLY-PC | User Name: Kimberly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - c:\Users\Kimberly\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\SMINST\BLService.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) PRC - C:\Users\Kimberly\AppData\Roaming\Microsoft\loadhst.exe (TrueCrypt Foundation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll () MOD - C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Rainlendar2\lfs.dll () MOD - C:\Program Files (x86)\Rainlendar2\lua51.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (WDDMService.exe) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe () SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe () SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe () SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe () SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe () SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE () SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe () SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys () DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys () DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys () DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys () DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys () DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys () DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys () DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys () DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys () DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys () DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys () DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys () DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys () DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys () DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys () DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys () DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys () DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys () DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys () DRV:64bit: - (cdrblock) -- C:\Windows\SysNative\DRIVERS\cdrblock.sys () DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys () DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys () DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys () DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys () DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys () DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys () DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_se&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_se&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_se&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_se&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_se&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.hotspotshield.com/g/?c=h IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A CF 62 18 80 98 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0 FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1 FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0 FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9 FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1 FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-01-11 21:42:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-08-01 15:36:39 | 000,000,000 | ---D | M] [2010-03-09 16:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Extensions [2010-03-09 16:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Extensions\celtx@celtx.com [2011-12-24 22:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Firefox\Profiles\ddiza8ti.default\extensions [2011-12-06 20:35:38 | 000,000,000 | ---D | M] (4shared.com Community Toolbar) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Firefox\Profiles\ddiza8ti.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2010-12-11 10:46:02 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Firefox\Profiles\ddiza8ti.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011-04-07 19:01:10 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Kimberly\AppData\Roaming\mozilla\Firefox\Profiles\ddiza8ti.default\extensions\en-GB@dictionaries.addons.mozilla.org [2011-12-24 22:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011-12-22 21:47:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-10 21:19:20 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG [2010-03-09 16:27:32 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG [2012-01-11 21:42:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-01-11 21:42:54 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml [2012-01-11 21:42:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-01-11 21:42:54 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml [2011-06-21 19:12:32 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml [2012-01-11 21:42:54 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml [2012-01-11 21:42:54 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml [2012-01-11 21:42:54 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml O1 HOSTS File: ([2006-09-18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [{9B0F5ACC-F8C2-11DE-B017-806E6F6E6963}] C:\Users\Kimberly\AppData\Roaming\Microsoft\loadhst.exe (TrueCrypt Foundation) O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kimberly\Pictures\Gia Marie Carangi\GiaWall4.jpg O24 - Desktop BackupWallPaper: C:\Users\Kimberly\Pictures\Gia Marie Carangi\GiaWall4.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1723fe2d-4ec3-11df-a38e-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{1723fe2d-4ec3-11df-a38e-00269e2e29ce}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{44f09cce-2133-11df-81b9-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{44f09cce-2133-11df-81b9-00269e2e29ce}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{4a42ace1-13f9-11df-9b28-00269e2e29ce}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{4a42ace1-13f9-11df-9b28-00269e2e29ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe O33 - MountPoints2\{4c592f9e-0227-11e0-aca6-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{4c592f9e-0227-11e0-aca6-00269e2e29ce}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{69b2d3fd-fd11-11de-af92-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{69b2d3fd-fd11-11de-af92-00269e2e29ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{79770aeb-caf9-11df-b4f4-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{79770aeb-caf9-11df-b4f4-00269e2e29ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{82be6530-3f61-11e0-bc91-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{82be6530-3f61-11e0-bc91-00269e2e29ce}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\{83cf1984-cd30-11df-a5c5-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{83cf1984-cd30-11df-a5c5-00269e2e29ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{83cf1985-cd30-11df-a5c5-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{83cf1985-cd30-11df-a5c5-00269e2e29ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9c1ae034-1df5-11df-8253-00269e2e29ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lAERiAW.Exe O33 - MountPoints2\{a62b893e-440b-11df-a7e4-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{a62b893e-440b-11df-a7e4-00269e2e29ce}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{fa065450-2060-11df-8d78-00269e2e29ce}\Shell - "" = AutoRun O33 - MountPoints2\{fa065450-2060-11df-8d78-00269e2e29ce}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011-12-24 22:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2011-12-24 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar [2011-12-24 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2011-12-22 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-12-22 21:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011-12-22 21:46:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [1 C:\Users\Kimberly\Documents\*.tmp files -> C:\Users\Kimberly\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-01-17 21:32:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-01-17 21:32:13 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-01-17 21:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-01-17 21:31:58 | 4260,560,896 | -HS- | M] () -- C:\hiberfil.sys [2012-01-16 00:12:05 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKimberly.job [2012-01-11 10:22:19 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-01-11 10:22:19 | 000,622,880 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012-01-11 10:22:19 | 000,600,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-01-11 10:22:19 | 000,128,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012-01-11 10:22:19 | 000,106,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-01-09 15:15:27 | 414,106,322 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-12-30 03:09:30 | 007,806,877 | ---- | M] () -- C:\Users\Kimberly\Documents\Gotye- Somebody That I Used To Know (feat. Kimbra)- official film clip (HD).mp3 [2011-12-30 02:41:58 | 011,812,820 | ---- | M] () -- C:\Users\Kimberly\Documents\Gotye- Somebody That I Used To Know (feat. Kimbra)- official film clip (HD).mp4 [2011-12-22 21:46:21 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Users\Kimberly\Documents\*.tmp files -> C:\Users\Kimberly\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011-12-30 03:09:13 | 007,806,877 | ---- | C] () -- C:\Users\Kimberly\Documents\Gotye- Somebody That I Used To Know (feat. Kimbra)- official film clip (HD).mp3 [2011-12-30 02:40:35 | 011,812,820 | ---- | C] () -- C:\Users\Kimberly\Documents\Gotye- Somebody That I Used To Know (feat. Kimbra)- official film clip (HD).mp4 [2011-12-22 21:46:21 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011-11-10 21:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2010-12-05 04:37:09 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010-12-05 04:37:09 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010-07-04 01:49:30 | 000,000,732 | ---- | C] () -- C:\Users\Kimberly\AppData\Local\d3d9caps64.dat [2010-06-26 21:26:46 | 000,006,836 | ---- | C] () -- C:\Users\Kimberly\AppData\Local\d3d9caps.dat [2010-04-09 20:12:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-02-08 01:35:07 | 000,024,226 | ---- | C] () -- C:\Users\Kimberly\AppData\Roaming\UserTile.png [2010-01-26 22:05:57 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\pavedius5db.dll [2010-01-26 22:05:57 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\pavedius.dll [2010-01-26 22:05:57 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\pavplal.dll [2010-01-26 22:00:36 | 000,013,312 | ---- | C] () -- C:\Users\Kimberly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-07-20 02:18:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009-01-22 06:05:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009-01-22 06:05:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009-01-21 23:36:44 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2008-12-31 12:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008-01-21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008-01-21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006-11-02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006-11-02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006-11-02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006-11-02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011-03-22 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\4shared Desktop [2010-05-17 15:34:18 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\aerix [2010-01-26 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Canopus [2011-01-06 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\com.adobe.ExMan [2010-01-22 14:19:20 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\FloodLightGames [2010-04-26 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\GetRightToGo [2010-03-09 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Greyfirst [2010-04-26 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\HandBrake [2010-07-17 19:41:18 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Magic Academy [2010-02-08 01:35:06 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PeerNetworking [2010-08-22 10:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\PlayFirst [2011-06-16 10:26:19 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Spotify [2011-03-22 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\uTorrent [2010-02-25 03:26:09 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\Western Digital [2010-01-17 02:40:37 | 000,000,000 | ---D | M] -- C:\Users\Kimberly\AppData\Roaming\WildTangent [2012-01-17 21:30:32 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Kimberly\Documents\JoJo - Marvin's Room (Can't Do better) (Thy Phan Cover).mp4:TOC.WMV < End of report > Code: 
  ATTFilter OTL Extras logfile created on: 2012-01-17 21:34:17 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = c:\Users\Kimberly\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000041D | Country: Schweden | Language: SVE | Date Format: yyyy-MM-dd
 
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,40% Memory free
8,11 Gb Paging File | 6,28 Gb Available in Paging File | 77,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,07 Gb Total Space | 87,17 Gb Free Space | 30,47% Space Free | Partition Type: NTFS
Drive D: | 12,02 Gb Total Space | 1,91 Gb Free Space | 15,92% Space Free | Partition Type: NTFS
 
Computer Name: KIMBERLY-PC | User Name: Kimberly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01165EE3-DFFF-4947-A4E6-A4692E148FE1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0279C1A8-1812-455A-A485-8A446B7D64F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{072C6095-D8F9-4D1B-9B06-146ECCA25B7B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15F00D76-5E2D-42CF-9924-07872176E171}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{1D67AB40-7219-4E2D-9B77-F80EC510ADD7}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{30ACF2A5-CFCD-4E8B-A1BC-DEC40F780D84}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6180663E-97B1-45AC-8C7A-6796710A4C0B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{883A1AA6-26BD-48AE-B650-C0CA630AB5C0}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{A7E336F2-E6B4-4D8C-84AB-B457F61A1BCC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{B68010F8-E815-4460-9C52-558591463D0F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011C74F5-8947-4A2C-8129-8E13661E1FE3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0603C651-84D6-45CD-9FEB-C44C06F222AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17B68A6A-DC40-41DF-8FA8-2B985832A386}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{18B860A6-99F0-4DA1-930B-825F18844A1E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29AC6924-657F-4C08-A228-A80346C3F580}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{34ECE476-299E-4AE9-B9C1-DC15AC275465}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{46345F22-0B39-475D-8525-40B126D60690}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{549AB17B-06FE-44DD-939E-61A0DB4681A2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{5A42D546-5EFC-47A2-B523-F4C67B7C0537}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{655D6753-AC97-4748-B3CA-73073BDE6D67}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7805B161-7E58-4AE6-9E18-B427096AFDFC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{78C8330B-AD2A-4A92-A7B6-70E262103472}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7EB2D9D5-17E8-462A-BF90-2B2D4AC0DEC7}" = protocol=6 | dir=in | app=c:\users\kimberly\downloads\facemoods.exe |
"{8206D729-6C35-4D0D-8C2F-7FC98FEEBDBA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{86BABBF7-D5C1-494C-931D-5245C12F49EE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{87DC8231-3D73-4032-9200-F992C928C93C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8AC4C5EE-15CA-4F88-A655-595DE2CD9261}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{91E1036E-CDF4-41CF-BCA0-80641117C0F9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{9355E692-E319-4238-BBFD-FB173055D496}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{A6D825F8-7920-4008-A6CD-1700A6D3D225}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{D0F52FA7-1A57-4FFB-A847-A996932701D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D8E4886D-A1F6-4867-B2A8-44D979C55DC7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E667FDBA-1DC7-4311-B5E2-7C69F4F8F740}" = protocol=17 | dir=in | app=c:\users\kimberly\downloads\facemoods.exe |
"{E8F8A593-9041-4DBC-A1C7-838DB4519E70}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"TCP Query User{03290A9A-5F97-4431-8922-A7674B049D2D}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{308E8345-3A34-4731-95CC-D5DEF2D5A82E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{5558E4E9-923C-4C60-8B37-9C3FB4ECAA28}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{BF437BAC-365A-41D1-A13E-BAD27C28BAB2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6D02C9BF-4E5F-4EC2-9270-83BD8299102D}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{DFF08627-A9E2-4485-A809-ACADAD7C9B56}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{E1639113-D3B5-4C1B-81E4-B23B2C5A28F5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{F460DD89-E2D3-4D95-80EA-139EEE84747A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3975CE71-3544-9FBA-56E5-2E9709E348C5}" = ATI Catalyst Install Manager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F67AF0E-DF48-0198-E0F3-F1C9F7A6FC22}" = ccc-utility64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BAC619B-B811-4318-8C27-B11DDF3F1719}" = WD SmartWare
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03B1C701-5B73-4a25-BB9B-9F5178349E7B}" = EDIUS 5 Settings
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Svenska
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FA8B6532-78E9-490B-B97D-32379E16810E}" = EDIUS 5(SetupManager)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"4shared Desktop" = 4shared Desktop
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AOL Toolbar" = AOL Toolbar 5.0
"Celtx (2.7)" = Celtx (2.7)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.09
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"lmms" = LMMS 0.4.10
"Mozilla Firefox 9.0.1 (x86 sv-SE)" = Mozilla Firefox 9.0.1 (x86 sv-SE)
"Rainlendar2" = Rainlendar2 (remove only)
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Spotify" = Spotify
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"VLC media player" = VLC media player 1.0.1
"WT081914" = Trapped - The Abduction
"WTA-0d712ed9-05b1-4dd8-baba-af180f7a4b8d" = Dream Chronicles - The Book of Air Collector's Edition
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2012-01-08 23:10:21 | Computer Name = Kimberly-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 2012-01-08 23:11:07 | Computer Name = Kimberly-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 2012-01-09 10:16:55 | Computer Name = Kimberly-PC | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 2012-01-09 10:17:15 | Computer Name = Kimberly-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-01-09 14:48:29 | Computer Name = Kimberly-PC | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 2012-01-09 14:48:53 | Computer Name = Kimberly-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-01-10 09:53:25 | Computer Name = Kimberly-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 2012-01-10 09:53:42 | Computer Name = Kimberly-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 2012-01-10 09:53:42 | Computer Name = Kimberly-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 2012-01-11 06:56:50 | Computer Name = Kimberly-PC | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 2012-01-17 15:52:27 | Computer Name = Kimberly-PC | Source = HTTP | ID = 15016
Description =
 
Error - 2012-01-17 15:52:59 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2012-01-17 15:52:59 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 2012-01-17 16:24:49 | Computer Name = Kimberly-PC | Source = HTTP | ID = 15016
Description =
 
Error - 2012-01-17 16:25:28 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2012-01-17 16:25:28 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 2012-01-17 16:29:09 | Computer Name = Kimberly-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet
 NIC (NDIS 6.0)" (PCI\VEN_10EC&DEV_8168&SUBSYS_3624103C&REV_02\4&2d42a977&0&00E1)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 2012-01-17 16:32:58 | Computer Name = Kimberly-PC | Source = HTTP | ID = 15016
Description =
 
Error - 2012-01-17 16:33:12 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2012-01-17 16:33:12 | Computer Name = Kimberly-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
          | 
|  18.01.2012, 12:31 | #2 | 
| /// Malware-holic       |   Achtung! Aus sicherheitsgründen wurde ihr windowssystem blockiert... hi__________________ starte mal neu, drücke f8 wähle abgesicherter modus mit netzwerk, da kannst du arbeiten Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop. 
 
				__________________ | 
|  | 
| Themen zu Achtung! Aus sicherheitsgründen wurde ihr windowssystem blockiert... | 
| 64-bit, achtung!, adobe after effects, alternate, antivirus, autorun, bho, cs4/contributeieplugin.dll, defender, downloader, error, firefox, flash player, format, helper, home, hotspot, hotspot shield, install.exe, intranet, langs, maßnahme, microsoft office word, office 2007, openvpn, pixel, plug-in, problem, realtek, registry, rundll, scan, schweden, security update, senden, server, software, svchost.exe, third party, udp, usb, vista, wurde ihr, youtube downloader |