| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner ohne "locked"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2012, 13:32
| #1 |
| |  Verschlüsselungstrojaner ohne "locked" Moin moin, gestern kam ein Bekannter mit seinem PC zu mir, er hatte sich einen Verschlüsselungstrojaner eingefangen. Wie oftmals ist das auf dem E-Mail weg passiert. Er hatte eine Email mit anhängender Rechnung, laut betreff 5000€, geöffnet und sich den trojaner dabei eingefangen. Der PC stellte danach nur, die auch bei den Hinweisen auf dieser Seite dargestellte, Meldung dar und war nicht mehr zu gebrauchen. Auch ein Neustart des PC's brachte keine Änderung meinte er. Ich habe daraufhin den PC im abgesicherten Modus gestartet. Das ging problemlos. Dort habe ich herausgefunden dass sämtliche privaten Dateien umbenannt und verschlüsselt wurden. Hauptsächlich betroffen sind MP3's und Bilder. Die Dateinamen lassen auch keinen Rückschluss auf das Original zu. Die Dateiendung wurde entfernt und die Namen bestehen aus scheinbar willkürlich aneinandergereihten Buchstaben, z.B. aGqlNEpQAVgpsvs. Interessant ist: die mp3's scheinen nicht verschlüsselt zu sein sondern nur umbenannt. herausgefunden habe ich das, indem ich eine der mp3 Dateien manuell umbenannt habe, und ein ".mp3" angehängt habe. Danach ließ er sich Problemlos abspielen. Um die Daten zu retten ließen sich also ev. über ein script aus den mp3's die Informationen auslesen und so wieder Dateinamen erzeugen. Bei den Bildern funktioniert das leider nicht, die sind wirklich verschlüsselt. Nachdem ich soweit gekommen war, habe ich versucht den PC noch einmal normal zu starten, und siehe da: es klappte! Sogar der Virenscanner (Antivir glaube ich, müsste aber nachsehen) erkannte einen Befall (besser spät als nie). So verschob ich die gefundene Datei in Quarantäne, das Problem war aber noch nicht behoben. Noch ist alles verschlüsselt. Bei der weiteren Suche nach Lösungsmöglichkeiten bin ich dann auf dieses Forum gestoßen und habe mir Malewarebytes Anti Maleware runtergeladen und einen vollständigen Scan gestartet. 11 Befälle hat er gefunden. Da ich sie nicht in Quarantäne verschieben konnte (keine ahnung warum) habe ich sie erst einmal nicht gelöscht, da auch Registrierungseinträge dabei waren (wenn ich das richtig gesehen habe) und mir unsicher war ob ich den PC damit komplett zerschieße. Die log-Datei des Scans habe ich unten angehängt. Da ich den PC nach Rettung der Daten eh komplett neu aufsetzen werde habe ich noch versucht die oben genannten Tools zur Entschlüsselung Laufen zu lassen. Leider Ohne erfolg. Scareuncrypt generierte noch einen Schlüssel, funktionierte aber leider nicht. Die anderen Tools unterstützten entweder nur die (hier im forum oft erwähnte) "locked"-Version oder meinten, die Dateien würden nicht übereinstimmen. Es wäre klasse wenn ihr mir helfen könntet die Daten irgendwie zu retten. Danke schon mal und viele Grüße Schimmy P.S.: hier die log-Datei des Scans: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.12.08 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 7.0.6002.18005 Björn Speer :: BJÖRN [Administrator] Schutz: Aktiviert 12.06.2012 22:21:04 mbam-log-2012-06-12 (23-54-44).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 423115 Laufzeit: 1 Stunde(n), 33 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\4. Stuff\system\XP Upgrade Paket (Nr-changer sr-1)\eseXXDaaepplTasXp (Trojan.Downloader) -> Keine Aktion durchgeführt. C:\Users\Björn Speer\AppData\Local\Temp\wzwWYmCA.exe.part (Trojan.FakeAlert) -> Keine Aktion durchgeführt. C:\Users\Björn Speer\Downloads\ddeangelo-verdopple.deine.dates.pdf.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Björn Speer\Downloads\Verdopple-Deine-Dates.pdf.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. (Ende) Moin moin, zum zweiten, entschuldigt bitte dass ich "pushe" mir ist nur gerade aufgefallen, dass ich die logdateien der OTL-Tools vergessen habe anzuhängen, daher kommen die hier noch mal dazu. Das System ist ein 64bit system, daher keine logs vom Gmer. Viele Grüße Schimmy OTL.txt: Code:
ATTFilter OTL logfile created on: 14.06.2012 17:38:51 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free 8,20 Gb Paging File | 6,24 Gb Available in Paging File | 76,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,50 Gb Total Space | 68,45 Gb Free Space | 23,97% Space Free | Partition Type: NTFS Drive D: | 12,58 Gb Total Space | 1,97 Gb Free Space | 15,68% Space Free | Partition Type: NTFS Computer Name: BJÖRN | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 17:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.06.08 17:14:04 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012.06.08 17:14:00 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.13 15:21:38 | 008,585,728 | ---- | M] (Media Finder) -- C:\Program Files (x86)\Media Finder\MF.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () -- C:\Users\***\Desktop\Programme\WTGService.exe PRC - [2009.05.14 17:31:02 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.08 17:14:05 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012.06.08 17:14:00 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.03.13 13:37:22 | 000,957,952 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\_4shared.dll MOD - [2012.03.08 15:45:26 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\letitbit.dll MOD - [2012.03.07 16:15:28 | 000,314,880 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\rapidshare.dll MOD - [2012.02.28 11:44:44 | 000,318,464 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\wupload.dll MOD - [2012.02.27 16:59:58 | 000,318,464 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\depositfiles.dll MOD - [2012.02.27 14:09:12 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\uploadstation.dll MOD - [2012.02.27 14:09:10 | 000,362,496 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\uploading.dll MOD - [2012.02.27 14:09:10 | 000,318,464 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\unibytes.dll MOD - [2012.02.27 14:09:10 | 000,317,440 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\turbobit.dll MOD - [2012.02.27 14:09:08 | 000,357,376 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\madshare.dll MOD - [2012.02.27 14:09:08 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\hotfile.dll MOD - [2012.02.27 14:09:08 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\furk.dll MOD - [2012.02.27 14:09:06 | 000,437,760 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\extabit.dll MOD - [2012.02.27 14:09:06 | 000,359,936 | ---- | M] () -- C:\Program Files (x86)\Media Finder\Plugins\filepost.dll MOD - [2008.09.25 19:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.21 22:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008.03.18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV - [2012.06.08 17:14:04 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012.05.04 19:04:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Users\***\Desktop\Programme\WTGService.exe -- (WTGService) SRV - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.24 19:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS) SRV - [2008.09.24 19:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS) SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.10.14 22:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2010.04.24 10:46:34 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2009.07.21 22:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:64bit: - [2008.08.06 05:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2008.07.22 17:42:34 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.07.21 12:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008.04.29 03:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008.03.27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2008.03.27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM) DRV:64bit: - [2008.01.21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam) DRV:64bit: - [2008.01.21 04:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R) DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2008.01.18 13:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2007.06.18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2006.10.04 03:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV - [2008.10.31 16:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser) DRV - [2008.09.26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {00925011-8573-4D8C-866D-78AAF82A2159} IE:64bit: - HKLM\..\SearchScopes\{00925011-8573-4D8C-866D-78AAF82A2159}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{46169191-57A4-409E-9D31-B03CAEF4D7D0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{E8BE737F-96D5-4F93-8792-90110318282F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829} IE - HKLM\..\SearchScopes\{00925011-8573-4D8C-866D-78AAF82A2159}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{46169191-57A4-409E-9D31-B03CAEF4D7D0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{E8BE737F-96D5-4F93-8792-90110318282F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=0a750ede000000000000000000000000 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{00925011-8573-4D8C-866D-78AAF82A2159}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=0a750ede000000000000000000000000 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=02CB3F82-E0A1-4010-8D62-E31B5059B9BB&apn_sauid=1BE5BD30-0F00-4104-B58F-67B0B23E33A2 IE - HKCU\..\SearchScopes\{46169191-57A4-409E-9D31-B03CAEF4D7D0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={9D14AB6C-0D9B-4363-9F0A-7A75338AA80A}&mid=d95e0df3e04cfa17d858be76b6b34694-6b261e79cc309275eae3ab23055d0a7fe1999153&lang=de&ds=AVG&pr=fr&d=2012-06-08 17:14:07&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{E8BE737F-96D5-4F93-8792-90110318282F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bd2103079-84d5-4a05-88df-d972a4115360%7D&mid=d95e0df3e04cfa17d858be76b6b34694-6b261e79cc309275eae3ab23055d0a7fe1999153&ds=AVG&v=10.2.0.3&lang=de&pr=fr&d=2011-11-26%2015%3A29%3A23&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.11 23:17:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.08 17:14:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.08 17:11:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 19:04:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.17 18:48:22 | 000,000,000 | ---D | M] [2009.02.03 21:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.02 20:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8yb2nihk.default\extensions [2010.08.20 16:23:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8yb2nihk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.02 20:27:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8yb2nihk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.19 16:12:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8yb2nihk.default\extensions\ffxtlbr@babylon.com [2012.04.16 21:49:10 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8yb2nihk.default\extensions\toolbar@ask.com [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\askcom.xml [2012.06.08 16:32:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-1.xml [2011.12.12 21:00:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-10.xml [2012.01.17 20:15:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-11.xml [2012.02.19 16:13:35 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-12.xml [2012.03.21 21:00:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-13.xml [2012.04.17 18:56:26 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-14.xml [2012.06.08 17:25:32 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-15.xml [2011.05.01 11:36:23 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-2.xml [2011.05.13 13:26:25 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-3.xml [2011.06.18 11:48:01 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-4.xml [2011.07.03 16:30:52 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-5.xml [2011.07.09 11:18:53 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-6.xml [2011.08.17 20:53:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-7.xml [2011.11.01 19:14:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-8.xml [2011.11.26 16:31:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin-9.xml [2011.03.25 00:05:58 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8yb2nihk.default\searchplugins\icqplugin.xml [2012.05.04 19:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.08 17:11:34 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.06.11 23:17:11 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2012.06.08 17:14:32 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8YB2NIHK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8YB2NIHK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM [2012.05.04 19:04:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.16 21:37:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.03.20 19:58:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.08 17:13:55 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.02.19 14:50:51 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.03.20 19:58:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.20 19:58:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.20 19:58:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.20 19:58:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.20 19:58:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\***\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe" File not found O4 - HKCU..\Run: [Media Finder] C:\Program Files (x86)\Media Finder\MF.exe (Media Finder) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files (x86)\ICQ\ICQ.exe (ICQ Inc.) O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files (x86)\ICQ\ICQ.exe (ICQ Inc.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF4DF39-9B39-4D6D-8C05-CC04B6E1DA33}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{00b583c3-4b81-11df-a907-00235a1e4cdb}\Shell - "" = AutoRun O33 - MountPoints2\{00b583c3-4b81-11df-a907-00235a1e4cdb}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{5a29fd7d-8eb6-11e0-b329-00235a1e4cdb}\Shell - "" = AutoRun O33 - MountPoints2\{5a29fd7d-8eb6-11e0-b329-00235a1e4cdb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{88c43eba-dc20-11de-8562-00235a1e4cdb}\Shell\AutoRun\command - "" = F:\FRITZWLANMINI.EXE O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.12 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.11 23:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.11 20:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.11 20:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.11 20:45:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.11 20:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.09 13:24:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Wkmmm [2012.06.08 17:14:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.14 17:36:09 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.14 17:30:57 | 100,368,171 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.06.14 17:24:37 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.06.14 17:24:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 17:24:22 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 17:24:20 | 000,032,441 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.06.14 17:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 17:23:53 | 4292,825,088 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 02:13:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.06.13 20:56:45 | 000,372,846 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.13 07:18:18 | 001,467,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 07:18:18 | 000,637,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 07:18:18 | 000,603,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 07:18:18 | 000,130,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 07:18:18 | 000,107,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 03:46:35 | 000,398,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 22:15:45 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.11 23:17:11 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.06.11 23:02:41 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2012.06.10 16:07:07 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2012.06.09 13:39:14 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.14 17:36:09 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.12 21:39:13 | 000,853,990 | ---- | C] () -- C:\Users\***\Desktop\DSC00374.JPG [2012.06.12 21:38:46 | 000,837,748 | ---- | C] () -- C:\Users\***\Desktop\DSC00373.JPG [2012.06.12 21:38:20 | 000,837,748 | ---- | C] () -- C:\Users\***\Desktop\EoEnLoEnLEoLnoE [2012.06.12 21:38:01 | 000,853,990 | ---- | C] () -- C:\Users\***\Desktop\QuQJJuQJJQuJvuQJvQuvJ [2012.06.11 23:00:31 | 4292,825,088 | -HS- | C] () -- C:\hiberfil.sys [2012.06.11 20:45:15 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== LOP Check ========== [2011.11.26 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012 [2012.02.19 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2009.03.02 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.05.12 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2012.03.27 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Finder [2009.02.03 23:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.03.12 08:39:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Programme [2009.02.02 21:09:51 | 000,000,000 | -H-D | M] -- C:\Users\***r\AppData\Roaming\Template [2012.06.11 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wkmmm [2012.06.14 02:13:05 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.06.2012 17:38:51 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free
8,20 Gb Paging File | 6,24 Gb Available in Paging File | 76,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,50 Gb Total Space | 68,45 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
Drive D: | 12,58 Gb Total Space | 1,97 Gb Free Space | 15,68% Space Free | Partition Type: NTFS
Computer Name: BJÖRN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 09 05 BD 7F 93 E7 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3446160547-4114333373-975575311-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{55A102A6-67D0-49D8-B372-4CBDE450BD1C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{61DE8D27-582B-4ED7-90D6-34D863BF3985}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5780AD9-1991-4D99-9D39-94F23106D5AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013C100A-7AB7-4F10-9F16-9717D21A0A7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{11C4A478-DBDD-4FA4-905C-D0F37A1173B1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{137580FE-D2A6-408E-9CB2-BDE214FC07C8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{18479E79-B377-4BD5-B9FD-4FC66681F4E0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1B0C6631-0CC8-4FDA-BD80-270A636F41B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2196C71A-EDF8-4437-91AF-E5BEE9EC37C1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{232B4EEA-CB11-4572-80B0-61C18A9819EB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{27EECD82-5D43-4177-A92A-AD547912A406}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{2846DF60-544C-4082-9AE3-DD90409D47CF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{3503BEB5-614C-4078-8663-6A1E21504464}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{3D4112DF-F142-45B1-A1F4-279E3782B7DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3F863DFD-5669-4486-930E-856CD0CEA89C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{6588DB85-2758-4CF3-AC55-A2621A203E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B1868A2-2429-4900-84EB-4B1512FC9EB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{6DCEC55F-9FCA-421D-A016-A205AE47585D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{70CAB9B5-86C8-44F8-B6B2-A7925FB8CAD2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{70D82781-71D8-4443-8D4B-D8D31D3C10A9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{73B11A60-6675-4BAA-B6FD-1CAAE30A0384}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{81416067-B6F7-4391-9A7B-17367B019C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{8680DB79-CC24-4B5B-932D-8921C8DDECD9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{89641392-FE7F-4F3D-A95D-BE04E901D572}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8D98E2E7-D0F8-4E43-A789-BCBC5053F957}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9353B9A0-B56A-444F-8CE5-A9FC00B3FAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B27EF8E8-3E25-44A3-AA32-E9BADEAC8A34}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B4C4CDB7-28EB-4B00-B4D7-A60121131B74}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{B75B1814-5F7D-4C35-9A94-E1ADDEDFE41C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{BA5599A6-CFA7-4B4C-9914-5D13AA75CFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BADA1469-6DC6-4955-88A1-28DF12E0878F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{BD1DF1D1-3EFC-4D91-94F2-3FBF319BCBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C228FF09-2FAB-470A-9421-8BAD26F15AFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C4761E81-9802-4750-B823-06D6173CDB53}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{D437FD53-CDA5-49F5-B9F6-593DCBAD46D0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D8C85B1E-590A-48D8-B0B7-75E92D6AE9D2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{DE5D2F7C-2BB9-4C72-A137-9D3F0C30425B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F7D9A9B2-EF9A-4EE9-A95B-4E2640DB9560}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{FF1D0915-F840-4DDB-88AB-3F0D27383504}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{1C5E1E38-E4A8-4EAE-890D-D139C7564547}C:\program files (x86)\icq\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq\icq.exe |
"TCP Query User{668E0C61-D1ED-4C49-A3DB-9F6ED7D11D89}C:\3. games\poker.com\client.exe" = protocol=6 | dir=in | app=c:\3. games\poker.com\client.exe |
"TCP Query User{77C29337-D217-4D93-99C4-FB349DC085F0}C:\program files (x86)\icq\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq\icq.exe |
"TCP Query User{D1244E13-A16B-4D94-94ED-12BB4D3AD229}C:\3. games\poker.com\client.exe" = protocol=6 | dir=in | app=c:\3. games\poker.com\client.exe |
"TCP Query User{F2CEE06D-7EA5-4A4D-AC6E-30C4680F9B0F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{1105637F-9DDB-41AA-99C4-D0C22B9C15EC}C:\program files (x86)\icq\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq\icq.exe |
"UDP Query User{136E2C98-1BD7-4CED-A271-BE949FD6AB5C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{7B7056B3-DE0D-4C25-81E1-BABC2278617D}C:\program files (x86)\icq\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq\icq.exe |
"UDP Query User{9F0C84E0-27C8-4911-AE01-81E2A8410DB6}C:\3. games\poker.com\client.exe" = protocol=17 | dir=in | app=c:\3. games\poker.com\client.exe |
"UDP Query User{D9BFD84E-0864-4BD4-8E26-7747475D0371}C:\3. games\poker.com\client.exe" = protocol=17 | dir=in | app=c:\3. games\poker.com\client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{3850334B-82B7-4875-BEFD-CB91F2527565}" = 64 Bit HP CIO Components Installer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"AVG" = AVG 2012
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"CanonMyPrinter" = Canon My Printer
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{414C790F-E24E-461B-983A-2AD84474DE4B}_is1" = Media Finder 1.0.9.20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDB86C0A-0F05-CB9F-24B0-ADBA2D0768CA}" = Zoosk Messenger
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Audio 180" = Audio 180
"BabylonToolbar" = Babylon toolbar on IE
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ICQ" = ICQ
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR Archivierer
"XSManager" = XSManager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Poker.com" = Poker.com
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2012 09:38:46 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0x98c, Anwendungsstartzeit
01cd208ba6802af2.
Error - 24.04.2012 13:35:01 | Computer Name = björn | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2012 13:44:36 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0xcac, Anwendungsstartzeit
01cd224076bc12fc.
Error - 24.04.2012 13:44:45 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0x460, Anwendungsstartzeit
01cd2241ee4f795c.
Error - 25.04.2012 11:46:15 | Computer Name = björn | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2012 11:55:47 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0x34c, Anwendungsstartzeit
01cd22fa61ff3d7d.
Error - 26.04.2012 13:38:10 | Computer Name = björn | Source = WinMgmt | ID = 10
Description =
Error - 26.04.2012 13:47:52 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0xcc8, Anwendungsstartzeit
01cd23d342b3bdb0.
Error - 27.04.2012 12:05:16 | Computer Name = björn | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2012 13:04:32 | Computer Name = björn | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.0.1.924, Zeitstempel
0x48da0ed1, fehlerhaftes Modul MSVCR71.dll, Version 7.10.3052.4, Zeitstempel 0x3e561eac,
Ausnahmecode 0xc0000005, Fehleroffset 0x00010428, Prozess-ID 0xde4, Anwendungsstartzeit
01cd248f67293207.
[ OSession Events ]
Error - 03.08.2010 12:07:57 | Computer Name = björn | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.06.2012 21:50:13 | Computer Name = björn | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 13.06.2012 01:15:02 | Computer Name = björn | Source = Service Control Manager | ID = 7011
Description =
Error - 14.06.2012 11:25:30 | Computer Name = björn | Source = Service Control Manager | ID = 7000
Description =
Error - 14.06.2012 11:25:58 | Computer Name = björn | Source = Service Control Manager | ID = 7022
Description =
Error - 14.06.2012 11:25:59 | Computer Name = björn | Source = Service Control Manager | ID = 7026
Description =
Error - 14.06.2012 11:26:14 | Computer Name = björn | Source = Service Control Manager | ID = 7001
Description =
Error - 14.06.2012 11:28:31 | Computer Name = björn | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 14.06.2012 11:28:32 | Computer Name = björn | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 14.06.2012 11:28:32 | Computer Name = björn | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 14.06.2012 11:28:32 | Computer Name = björn | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
< End of report >
|
|
15.06.2012, 18:38
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verschlüsselungstrojaner ohne "locked" Es gibt leider keine Mögichkeit alle Daten zu retten. Man kann einfach nur ans Backup appellieren.
__________________Zur Entschlüsselung/Wiederherstellung bitte die fette Hinweisbox oben beachten!
__________________ |
|
20.06.2012, 15:48
| #3 |
| | Verschlüsselungstrojaner ohne "locked" Schade, aber trotzdem vielen Dank für die Mühe. Inzwischen ist der PC formatiert und läuft wieder.
__________________Viele Grüße Schimmy |
|
| Themen zu Verschlüsselungstrojaner ohne "locked" |
| administrator, anti maleware, antivir, aufsetzen, autostart, avg secure search, avg security toolbar, babylon toolbar, babylontoolbar, befall, crypt, dateien, dateisystem, e-mail, email, explorer, file, forum, gelöscht, heuristiks/extra, heuristiks/shuriken, image, install.exe, intranet, log-datei, microsoft, microsoft office word, mp3, neu aufsetzen, neustart, olympus, plug-in, pup.adware.agent, rechnung, scan, searchscopes, secure search, seite, software, starten, suche, temp, vista, visual studio, vtoolbarupdater, warum |
Linear-Darstellung
