| |
| |||||||
Log-Analyse und Auswertung: Generic Exploit.f Verschlüsselungstrojaner (via E-Mail)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.06.2012, 14:10
| #1 |
| |  Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) Hallo, gestern habe auch ich auf den Anhang solcher "Rechnungsmail´s" geklickt und die Nachricht mit der UCash "Sicherheitsbezahlung" bekommen. Dieses Problem hab ich ziemlich schnell selbst lösen können, sprich ich habe wieder den vollen Zugriff auf das System, zumindest ist mir so nichts anderes aufgefallen. Nun haben die ganzen Dateien eine wirre Buchstaben zusammenstellung. Betroffen sind alle Arten von Dateien ob nun Bilder (png,jpg,gif), Musik (mp3,wmv,flac)...... . Bsp.: Aus dem Beispielbild "Hortensien" wurde "yGoGnofUyqxsyNxLv". Durch McAfee habe ich dann herausgefunden welcher Trojaner am Werk ist und wurde "isoliert". Davon hab ich auch ein Screenshot gemacht evtl. kann der auch helfen. Denn dort ist der Pfad der Datei mit drauf. Betroffen von der Verschlüsselung sind beide Festplatten betroffen C: & D:. Im Startsystem habe ich keine fehlenden Einträge gefunden, zumindest fällt mir davon nichts auf. Ich weiß nicht ob ich den Trojaner-Anhang hier als Anhang setzten darf, deshalb lass ich das erstmal. Backups sind leider nicht vorhanden, was sich aus dieser "Lektion" ändern wird, falls diese Information von wichtigkeit ist. Das sind eigentlich schon alle Sachen die mir aufgefallen sind. Und dann nöchte ich mich von mal dafür bedanken, dass es so ein Projekt gibt die einem dabei helfen solche Schädlinge wieder loszuwerden. Gruß Das OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.06.2012 22:59:38 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 54,13% Memory free 11,96 Gb Paging File | 8,89 Gb Available in Paging File | 74,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,92 Gb Total Space | 269,32 Gb Free Space | 58,94% Space Free | Partition Type: NTFS Drive D: | 456,92 Gb Total Space | 76,07 Gb Free Space | 16,65% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.12 22:55:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.08.01 05:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.09 08:09:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.19 03:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2010.12.01 13:35:06 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- c:\xampp\FileZillaFTP\FileZillaServer.exe PRC - [2010.07.28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2010.07.28 18:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2010.07.28 18:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.09 14:35:06 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8bc2e721cb34a40d113df609593d09c7\IAStorUtil.ni.dll MOD - [2012.06.09 03:09:59 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll MOD - [2012.06.09 03:09:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll MOD - [2012.06.09 03:09:47 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll MOD - [2012.06.09 03:09:41 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll MOD - [2012.06.09 03:09:40 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll MOD - [2012.06.09 03:07:01 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012.06.09 03:06:36 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.06.09 03:06:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.22 03:53:32 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.22 03:48:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\367af7fc22650701edfa7e8ecadcb273\IAStorCommon.ni.dll MOD - [2012.05.22 03:31:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.22 03:30:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.22 03:30:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.22 03:30:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.22 03:30:32 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.22 03:30:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.22 03:27:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ce183c1bf9fef5fd29cddc5a86878be\System.Runtime.Remoting.ni.dll MOD - [2012.05.22 03:23:32 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.22 03:09:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.22 03:07:12 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.22 03:07:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.22 03:07:05 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.22 03:07:01 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.21 22:32:19 | 000,115,137 | ---- | M] () -- C:\Users\Rene Gollin\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll MOD - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.01.19 03:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2011.01.19 03:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.28 18:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2010.07.28 18:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2010.06.23 19:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010.06.23 19:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010.06.23 19:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010.06.23 19:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010.06.23 18:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll MOD - [2010.02.10 21:48:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012.05.22 03:31:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.21 14:49:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.15 22:15:58 | 000,822,048 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0004881339517058mcinst.exe -- (0004881339517058mcinstcleanup) McAfee Application Installer Cleanup (0004881339517058) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.09 08:09:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.02.01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.02.01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.03.30 05:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - [2009.03.30 05:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.08 23:17:12 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.12 09:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.07.20 12:38:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.startxxl.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.04 22:55:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.12 04:48:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.06.12 18:04:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.21 15:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.10 11:57:45 | 000,000,000 | ---D | M] [2011.07.03 16:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.22 02:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions [2012.05.21 14:00:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.04.27 18:26:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.04.27 18:26:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.22 02:45:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.02.06 20:07:41 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\DTToolbar@toolbarnet.com [2011.07.06 23:37:48 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\g5uzs9wq.default\extensions\YPlayer@yummy.net [2012.06.06 14:42:11 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-1.xml [2012.02.27 23:45:52 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-10.xml [2012.05.21 13:53:51 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-11.xml [2011.08.29 13:50:15 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-2.xml [2011.09.06 19:37:04 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-3.xml [2011.09.17 14:43:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-4.xml [2011.10.08 21:45:24 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-5.xml [2011.10.13 19:50:42 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-6.xml [2011.11.14 19:36:10 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-7.xml [2011.12.06 18:19:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-8.xml [2012.02.06 14:02:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin-9.xml [2011.08.12 23:34:18 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g5uzs9wq.default\searchplugins\icqplugin.xml [2012.06.10 11:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.10 11:57:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2011.07.03 16:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.07.03 16:01:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.06.12 04:48:43 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE [2011.12.04 22:55:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.10.15 10:49:24 | 000,012,361 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5UZS9WQ.DEFAULT\EXTENSIONS\SUPPORT@STARTXXL.COM.XPI [2012.02.06 14:01:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.06 14:01:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.06 14:01:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.06 14:01:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.06 14:01:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.06 14:01:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.06 14:01:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120612010753.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120612010753.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Rene Gollin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Rene Gollin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CEBE391-1334-40D3-844D-A452260C9BFC}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A8C9014-2FE2-430E-86E5-5DCC0069EF11}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FABFCB93-F72E-447D-8F71-2ABD4163E217}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f51d65dc-c1e9-11e0-ad22-1078d2eb979d}\Shell - "" = AutoRun O33 - MountPoints2\{f51d65dc-c1e9-11e0-ad22-1078d2eb979d}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.12 14:39:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.12 14:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.12 14:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.12 14:39:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.12 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.12 12:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.06.12 04:50:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.06.11 17:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com [2012.06.11 17:54:55 | 000,289,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys [2012.06.11 17:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2012.06.11 17:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2012.06.11 17:40:59 | 000,162,192 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2012.06.10 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.08 13:56:31 | 000,000,000 | ---D | C] -- C:\Oli [2012.06.08 13:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.06.01 09:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2012.06.01 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2012.05.22 14:35:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TS3Client [2012.05.22 14:34:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.05.22 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TeamSpeak 3 Client [2012.05.22 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.05.21 15:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.21 15:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.21 14:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.05.21 14:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2012.05.21 14:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.05.21 14:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment ========== Files - Modified Within 30 Days ========== [2012.06.12 23:04:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.12 22:51:10 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.12 22:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.12 19:59:24 | 001,860,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.12 19:59:24 | 000,789,116 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.12 19:59:24 | 000,732,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.12 19:59:24 | 000,183,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.12 19:59:24 | 000,155,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.12 14:39:21 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 14:32:00 | 001,004,493 | ---- | M] () -- C:\Users\***\Desktop\Screenshot.png [2012.06.12 12:27:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.12 12:27:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.12 12:22:57 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.06.12 12:21:07 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.12 12:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.12 12:17:32 | 522,727,423 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 09:16:49 | 001,837,240 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.11 23:05:13 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.02 13:48:22 | 004,886,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.22 14:34:22 | 000,001,238 | ---- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk [2012.05.22 14:11:24 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012.05.22 14:11:13 | 000,000,312 | ---- | M] () -- C:\Users\***\Desktop\Curse Client.appref-ms [2012.05.22 13:24:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.05.21 15:44:37 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012.05.21 15:32:42 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.21 14:08:43 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk ========== Files Created - No Company Name ========== [2012.06.12 22:51:10 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.12 14:39:21 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 14:32:00 | 001,004,493 | ---- | C] () -- C:\Users\***\Desktop\Screenshot.png [2012.06.11 17:55:37 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.05.22 14:34:22 | 000,001,238 | ---- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk [2012.05.22 14:11:24 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012.05.22 14:11:13 | 000,000,312 | ---- | C] () -- C:\Users\***\Desktop\Curse Client.appref-ms [2012.05.22 13:24:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012.05.21 15:32:42 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.21 14:01:58 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.11.26 01:10:41 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.11.26 01:10:41 | 000,017,857 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011.09.05 17:19:53 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.07.20 20:59:23 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.07.17 18:10:29 | 001,837,240 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.06 23:37:44 | 000,352,648 | ---- | C] () -- C:\Windows\SysWow64\SysCheck2.dll [2011.07.05 00:10:42 | 000,007,600 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.07.03 19:51:09 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.07.03 16:01:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.22 07:46:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.07.04 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011.11.11 21:53:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.08.07 18:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2011.07.19 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.08.08 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.08.18 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.11.06 16:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hunspell [2012.06.12 02:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.07.03 19:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.07.03 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OEM [2011.07.03 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.08.17 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.07.10 23:45:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2011.07.10 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2011.08.05 22:32:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.08.09 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skip-Bo [2012.06.09 04:31:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011.07.21 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.12 04:50:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.07.17 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.06.11 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.08.17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Weaverslave [2012.06.12 12:20:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.06.2012 22:59:38 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 54,13% Memory free
11,96 Gb Paging File | 8,89 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,92 Gb Total Space | 269,32 Gb Free Space | 58,94% Space Free | Partition Type: NTFS
Drive D: | 456,92 Gb Total Space | 76,07 Gb Free Space | 16,65% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{158C46F7-5000-4056-A17A-39D9BD81C4E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{26FFA1AA-C616-40BD-86B5-212BC65F6491}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{29D93ADC-086E-457B-8E30-53C791151236}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2A34D5D6-7608-4692-A15A-F13540294232}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41719814-C75B-4286-8B7D-AADDCAEDA260}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49048496-DF25-4D1C-BB54-F2D84244AF36}" = lport=139 | protocol=6 | dir=in | app=system |
"{4A8D1331-C552-402A-B69D-29FBDCC33AD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5048BBBB-542E-4E6D-9C10-548A2527D808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52FA0488-5375-4160-B8F0-C8915DE382A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5AA74AAE-852A-48B5-928D-8F7CC93677BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D223F72-5DB0-435E-9705-B1B435FBC825}" = rport=10243 | protocol=6 | dir=out | app=system |
"{615A8DFB-2047-42CE-A8E5-6A86131416AF}" = rport=137 | protocol=17 | dir=out | app=system |
"{786CC9FD-F726-4E8A-B4E3-B48E6C884C3C}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A77A957-0F20-49EE-B44E-16BB18841B68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83B14ED1-7603-40A6-8DD5-C35EA7DF5A68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B439857-B109-47DF-A351-9EAA407D294C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C7DE365-06C7-4005-98C6-89D81828094E}" = rport=138 | protocol=17 | dir=out | app=system |
"{9C058462-ECEB-4BA3-B71E-F64207A64497}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D89392C-724C-48E0-91AB-14C59CA8EE29}" = rport=445 | protocol=6 | dir=out | app=system |
"{A32EE435-A71B-4E78-8FDD-C7EA23D9AB45}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7BE4F31-32A3-434E-B5A0-65B13DC18E2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AB91B974-D5AC-492D-8948-63792A9D1D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABC085B8-6BDF-4E3D-9417-4320FDC57D75}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B5FDAF4F-EF1A-4E86-8B6F-CFFF228ED94D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF48390A-A893-4DC2-98A9-857B948F6ADB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C0DD7588-E684-4345-B2D2-740DA513B0F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4107565-4244-47F1-9B18-E51AE368A237}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA913350-6A56-47B4-AF37-B8F8F2487AA4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DBCDC75F-F4E7-4B2F-83CD-BABFF9AAF55F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF8D4BD7-E11C-4A11-856A-591BCB689B37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F999DC56-33AE-4E63-AE5B-40269A808E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA8171EB-D083-44F6-950C-C4D3960671E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE53F41C-B6D5-4CA6-B4CC-77CA49B6A96D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EA5FB3-D4C7-48E5-BACE-7E6523CAF680}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{03D729C2-C263-4CC4-B3E2-45FD5747C7BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{07FC25D6-AB94-41EA-8392-D4978F879B77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C86256C-406D-49A9-AB4C-78CBA50A02F9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0CF060AD-9BB2-43FD-8BEA-487C6FF20A12}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\dmrengine.exe |
"{147A2534-4F48-43BA-B4E7-9F58D814191E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{17FFF897-32D8-40CA-93B1-06ED27F89F67}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{1D9306BC-216E-401D-AAFB-A28888715F17}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2010392F-B279-4272-AAF8-3B39EFED6D34}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{23D45B8E-6CBA-44FF-A70C-872EF93B4860}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26B25FA1-9B36-4969-9511-46BD937BA36F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{2BC8D864-6E88-4B84-87E5-16ABCF2E0EEC}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{2FA8E357-0B64-43DC-951E-D63DB2A03032}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3A0AC5F2-DE80-4C12-B93B-8D3A319D6F3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43452BAF-D24B-4FE1-A9BF-94E4F5B6C6FA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{43C60F06-663E-4206-8D05-BEAA3BB2823A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45F985CB-188B-4291-A97E-C146C040BB4A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{4766AC72-C10A-43ED-95EB-412F024B8837}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{47815857-B6A0-44D6-AF14-1948D99F05E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AAD55A8-CD93-4389-835A-4C14C2FDD912}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D3E26D1-13EA-402F-87CB-BB9F8DA9FA15}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{51B0C150-D608-43DF-B831-8E07753DDE1E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{55474641-0595-4943-9EE7-46B757122545}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{557E4EC5-EBAF-400D-943D-339C16C72290}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5E5A81A6-8983-458D-B621-BE1378E82467}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62CD47E7-80C0-4BD0-AA84-A7620BA55FC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{63646ABE-9F19-4D70-A3CC-86A5FDEA9989}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{68100563-3A33-40F3-A85D-4A009837F1B0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{69B7AB1D-D86F-4938-8F18-8027F2A53991}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe |
"{6D2C67A7-549D-432C-8448-650038BC60D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70C84AEE-CB70-4E0F-A7DB-78A2D78F7C0D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{71D83177-7314-4A6F-811B-A3C2CAE1965A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{72B17218-EBDE-4CA7-8B90-F241BA8EFE99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7A0B264C-9D01-4EBC-8D4E-2A2840CBE995}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7AABF1F8-565B-43A3-AAF6-5A79557C798B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7E03F5B0-DE1B-421E-8C2B-A87F5E50F73E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80F35EAE-1897-410B-8DA0-2C1A514C9E58}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{830F4403-B8B1-4DCE-8F12-6348699DE622}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe |
"{8683F902-7EE9-48E9-BC71-255871C589F3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8EDA00E2-9193-48A8-8973-67518359FF01}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{987B9303-FFB6-49D7-9ED7-B97669A2DB3A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{9A76880B-4B5D-44BE-8978-503190AA0A33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CD36B69-0D84-4CFD-BFC6-520CFD2282F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2090164-4810-45D9-A080-626636D06111}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B41480AB-EC6B-4ED8-BC89-BD9E3D427CA7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{B5E75C83-DBCF-4219-9384-61DF314A499C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B814ACBF-4E46-4CAD-A304-0560C2291E41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{B971D527-1839-454A-B3B0-DF4416B34816}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA3AC7FE-E135-4324-8CD3-F831D93FBF4D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE3717EA-B12E-4D72-B62D-C128BC75AC67}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C615E3E8-6ACC-46CF-8353-284E7569007D}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{CBEE85CD-FFFD-4734-91C6-1F7E2B866579}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CE51C945-127A-4BA6-A52E-56AD36242F93}" = protocol=6 | dir=out | app=system |
"{CE9D656C-A294-41F0-A1EB-9D45C66B030D}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{D2C4C43A-87FA-4EA6-8DF6-81A5C706377B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D6110811-5D88-43AA-B7B6-A2F1E14DF0E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DA0BF58D-0433-4438-B25F-1DCE82267BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{DC1289F9-AC3A-44CB-9254-D5F9CF81AF0A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DC3C03C6-D4B2-42F7-988C-0ACAC931F93C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD7CBFF2-5531-4633-A2B1-D338BCB073E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD9C8689-9BA2-4E0A-B4E6-8C01797C025D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{DEF324A2-6F10-41A5-B878-3618E7E5F67E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{E29AB100-49D8-46A4-9ED2-5A15DAE735EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3315ACC-32E9-4A67-A572-1AD59585D015}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E46267D3-0412-48FC-A302-05A111AA1665}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E6CA4739-8746-4E31-8CE3-3BE0D0980B7F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E81B70CE-8D0C-4D31-86E3-A9EA7B4FB55B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{ECEDD135-0FE3-4491-9151-D623A4793430}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F129452F-EFF5-48AE-BB69-2F04753978E4}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{F3831F85-9650-4971-95EA-9298516188D0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F657012E-5BB3-4ADE-8B8C-DCB80C3D90BF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{FF40617D-0FF5-43FC-84EA-BFCD2ECAF468}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FFBE4FF1-54BF-49B8-8A89-ACF88BB2DFF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1" = Sothink SWF Editor Version 1.0
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37DD5BB3-9DB4-4D92-9E50-16F2AD14A317}" = MySQL Server 5.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{889c1686-2039-4bef-b6fe-e55f7893efd6}" = Nero 9 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A3F5C5-E95B-456D-952B-DDEC3AF68319}_is1" = Metaboli Player
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.2.7
"AppInventor Setup" = AppInventor Setup
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup" = DivX-Setup
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"Incomedia WebSite X5 v8 - Evolution" = Incomedia WebSite X5 v8 - Evolution
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Music Maker Hip Hop Edition 3 D" = MAGIX Music Maker Hip Hop Edition 3 5.0.0.2 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"MSC" = McAfee AntiVirus Plus
"MyFreeCodec" = MyFreeCodec
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.51.1087" = Opera 11.51
"Steam App 50620" = Darksiders
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"TeamViewer 6" = TeamViewer 6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.4
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"b7067284ce66b00d" = Kontakte
"Draw 4 App" = Draw 4 App
"MyFreeCodec" = MyFreeCodec
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2012 06:56:34 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm ARA.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d4c Startzeit:
01cd3b2df5649778 Endzeit: 14 Anwendungspfad: C:\Program Files (x86)\Symantec\Norton
Online Backup\ARA.exe Berichts-ID: 7001e921-a721-11e1-9a99-1078d2eb979d
Error - 29.05.2012 09:44:52 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "89500". Das erste
DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 29.05.2012 09:44:52 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "89500". Das erste
DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 29.05.2012 09:44:52 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 29.05.2012 09:44:55 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "89500". Das erste
DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 29.05.2012 09:44:55 | Computer Name = ***-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "89500". Das erste
DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
enthalten.
Error - 29.05.2012 09:47:21 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.12.6702,
Zeitstempel: 0x4d5299c3 Name des fehlerhaften Moduls: NVSVC64.DLL, Version: 8.17.12.6702,
Zeitstempel: 0x4d52973e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000042a6c
ID
des fehlerhaften Prozesses: 0x520 Startzeit der fehlerhaften Anwendung: 0x01cd3da060ae9681
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\nvvsvc.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\NVSVC64.DLL Berichtskennung: cfda7987-a994-11e1-a177-1078d2eb979d
Error - 29.05.2012 10:32:06 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 01.06.2012 04:23:49 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_curse-client.exe". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.06.2012 04:23:54 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_tor.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
[ System Events ]
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" wurde
unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "IP-Hilfsdienst" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Server" wurde unerwartet beendet. Dies ist bereits 1 Mal
vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 25.05.2012 04:00:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.12.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] Schutz: Aktiviert 12.06.2012 14:40:36 mbam-log-2012-06-12 (14-40-36).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 529999 Laufzeit: 2 Stunde(n), 26 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\***\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\SoftonicDownloader_fuer_curse-client.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\SoftonicDownloader_fuer_swf-player.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\SoftonicDownloader_fuer_tor.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
14.06.2012, 07:57
| #2 |
| /// Helfer-Team    | Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) Hallo und Herzlich Willkommen!
__________________ Diese Art der Verschlüsselung ist momentan nicht reparierbar! Die einzige Chance deine Daten wiederherzustellen: (Während der Aktion den Rechner vom Internet und Netzwerk trennen!) -> Daten wiederherstellen mit ShadowExplorer kann ich Dir nur viel Glück wünschen auf jeden Fall melde dich und berichte ob es Dir gelingen ist die Daten wieder herzustellen? gruß kira
__________________ |
|
16.06.2012, 12:46
| #3 |
| | Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) Der ShadowExplorer zeigt bei mir keine Partitionen an. Die beiden Felder zur Pfadangabe sind beide leer.
__________________ |
|
16.06.2012, 21:12
| #4 | |
| /// Helfer-Team | Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) vermutlich Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. habe gerade einen Tipp bekommen, vlt hilft Dir das: Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
17.06.2012, 12:42
| #5 |
| | Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) Ich habs gerade mal ausprobiert und es geht 1 Tag zu wenig zurück. Ich kann bis zum 12. zurück, aber der Befall war am 11. |
|
17.06.2012, 19:41
| #6 |
| /// Helfer-Team | Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) Ich habe leider dann eine schlechte Nachricht für Dich:-> zur Info: Es tut mir leid. Kein Happy End! Diese Art der Verschlüsselung ist momentan nicht reparierbar! Die einzige Möglichkeit deine Daten zu retten ist (wenn schon dann irgendwann), aber niemand soll sich falsche Hoffnungen machen: Festplatte ausbauen (also aufheben in den aktuellen Zustand) nicht mehr etwas löschen, ändern! eine neue Festplatte kaufen und einbauen, Windows drauf installieren damit Du am PC arbeiten kannst! Die befallene Platte auf Seite legen und warten solange, bis es eine Lösung gibt ansonsten noch Tipps:-> http://www.trojaner-board.de/116851-...strojaner.html
__________________ --> Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) |
|
| Themen zu Generic Exploit.f Verschlüsselungstrojaner (via E-Mail) |
| 7-zip, alternate, antivirus, any video converter, benachrichtigungsdienst, benutzerprofildienst, bho, bingbar, bonjour, dateisystem, device driver, e-mail, error, failed, festplatte, firefox, flash player, google, grand theft auto, heuristiks/extra, heuristiks/shuriken, home, ip-hilfsdienst, locker, logfile, microsoft office starter 2010, mp3, mywinlocker, pando media booster, plug-in, problem, realtek, richtlinie, scan, searchscopes, security, siteadvisor, software, svchost.exe, symantec, system, systemereignisse, teamspeak, trojaner, version., visual studio, windows, ändern |
Linear-Darstellung
