Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.06.2012, 11:34   #1
holzhupe64
 
Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt - Standard

Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt



Hallo
Ich habe mir vorgestern einen Verschlüsselungstrojaner eingefangen. Via email-Anhang. ( Vermeindliche Rechnung)
Nachdem der Ukash-Bildschirm erschien, bin ich in den abgesicherten Modus und habe Avira laufen lassen. Dieser fand dann folgende Übeltäter:
TR/Agent.47104-L
TR/Matsnu.A.67
EXP/CVE-2011-3544
EXP/2010-0840.CM
EXP/JAVA.Ternub.Gen
EXP/CVE-0840.HE
EXP/CVE-2011-3544.CF
EXP/JAVA.Coniz.Gen
EXP/CVE-2010-0840
Ich habe anschließend die Funde entfernt. Der Rechner fuhr ganz normal hoch, aber seither sind sämtliche Dateien ohne " Locked" verschlüsselt. Eine Sytemwiederherstellung änderte nichts daran. Ich habe dann alle hier empfohlenen Programme getestet. Ohne Erfolg.
Jetzt habe ich OTL scannen lassen. Hier nun die Ergebnisse:


OTL logfile created on: 14.06.2012 12:06:32 - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Hans-Peter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 40,87% Memory free
7,73 Gb Paging File | 5,04 Gb Available in Paging File | 65,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,58 Gb Total Space | 339,83 Gb Free Space | 75,09% Space Free | Partition Type: NTFS
Drive D: | 12,88 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 94,93 Mb Free Space | 95,87% Space Free | Partition Type: FAT32
Drive F: | 2,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HANS-PETER-PC | User Name: Hans-Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 10:22:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe
PRC - [2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe
PRC - [2012.05.14 22:10:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.05.08 19:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:41:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:41:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.26 11:24:58 | 001,516,600 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011.09.29 13:44:32 | 001,756,232 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.02.12 18:50:47 | 000,729,488 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2006.09.26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files (x86)\Common Files\aol\1297545160\ee\aolsoftware.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe
MOD - [2012.05.05 09:05:03 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.03.26 11:25:32 | 000,345,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.03.26 11:25:32 | 000,282,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.03.26 11:25:26 | 008,197,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
MOD - [2012.03.26 11:25:26 | 002,302,008 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.03.26 11:25:24 | 000,027,704 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012.03.26 11:25:22 | 000,202,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011.09.29 13:44:36 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011.09.29 13:44:34 | 000,123,976 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.23 11:32:49 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.21 21:25:04 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012.05.21 21:24:56 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012.05.08 19:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:41:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 09:05:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.09.16 16:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.21 21:24:56 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012.05.08 19:41:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:41:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.10.28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.16 16:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011.09.16 16:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 19:46:37 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.30 02:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009.08.30 02:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2006.11.30 00:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.09.16 16:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -- (LMIInfo)
DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {582EDF3E-3786-4C7E-AFCC-243C1B9A3772}
IE:64bit: - HKLM\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/layoutsexpress/{81652462-A0D1-4EFB-A5E6-AE5274CECBEF}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Layouts Express Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {582EDF3E-3786-4C7E-AFCC-243C1B9A3772}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22384a1b00000000000078e400531815&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKCU\..\SearchScopes\{582EDF3E-3786-4C7E-AFCC-243C1B9A3772}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/layoutsexpress/{81652462-A0D1-4EFB-A5E6-AE5274CECBEF}?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.20007
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: quickprint@hp.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22384a1b00000000000078e400531815&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.05.12 13:58:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 20:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 00:44:54 | 000,000,000 | ---D | M]

[2011.03.03 23:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Extensions
[2012.04.29 23:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions
[2011.10.04 22:37:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.04 22:37:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.01 18:02:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.13 00:32:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\ffxtlbr@babylon.com
[2012.06.13 00:32:35 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\plugin@yontoo.com
[2012.04.29 23:55:12 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hans-Peter\AppData\Roaming\mozilla\Firefox\Profiles\bo9wj6i6.default\extensions\toolbar@ask.com
[2011.09.27 13:49:34 | 000,000,931 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\bo9wj6i6.default\searchplugins\conduit.xml
[2012.06.13 00:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.20 03:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.28 01:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.04 12:03:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.10.23 17:03:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.13 00:44:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.01.26 15:27:28 | 000,000,000 | ---D | M] (SmartPrintButton) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SMARTPRINT\QPEXTENSION
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.02.19 04:41:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 20:58:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.02.19 04:41:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.19 04:41:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.02.19 04:41:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.02.19 04:41:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Hans-Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011.11.16 14:26:28 | 000,435,266 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14978 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Live TV Toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Layouts Express Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Live TV Toolbar) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Layouts Express Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Layouts Express Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Live TV Toolbar) - {B69A9DB4-D0A1-4722-B56B-F20757A29CDF} - C:\Program Files (x86)\Live_TV\tbLive.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1297545160\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S7D4A.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A7B0E8-7851-447E-8ECA-472E55D7F67F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1dab9ad9-89f1-11e0-9690-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1dab9ad9-89f1-11e0-9690-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ed06c67-39d6-11e0-b972-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed06c67-39d6-11e0-b972-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ed06c6d-39d6-11e0-b972-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed06c6d-39d6-11e0-b972-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{889d8bd8-864e-11e0-9ae7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{889d8bd8-864e-11e0-9ae7-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 10:22:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe
[2012.06.14 09:47:13 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Desktop\Neuer Ordner
[2012.06.14 09:46:55 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Desktop\Marley shadow
[2012.06.13 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\www.shadowexplorer.com
[2012.06.13 15:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.13 15:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.13 15:10:55 | 000,937,024 | ---- | C] (ShadowExplorer.com ) -- C:\Users\Hans-Peter\Desktop\ShadowExplorer-0.8-setup.exe
[2012.06.13 14:53:42 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.13 14:53:35 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.13 14:53:29 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.13 14:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.13 14:52:59 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUp Software
[2012.06.13 14:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.13 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.13 14:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.13 14:52:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.13 00:56:50 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Malwarebytes
[2012.06.13 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.13 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.13 00:56:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.13 00:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 00:54:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hans-Peter\Desktop\mbam-setup.exe
[2012.06.12 23:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.06.12 20:58:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\BabylonToolbar
[2012.06.12 20:58:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012.06.12 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.06.12 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Local\Wajam
[2012.06.12 20:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012.06.12 20:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.06.12 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
[2012.06.12 20:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012.06.12 20:58:31 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\AppData\Roaming\Babylon
[2012.06.12 20:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.10 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\Hans-Peter\Documents\07.06.2012
[2012.05.20 12:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.20 12:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.20 12:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.14 12:01:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.06.14 12:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 11:55:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 11:55:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 10:22:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Peter\Desktop\OTL.exe
[2012.06.14 10:20:56 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Peter\defogger_reenable
[2012.06.14 10:19:38 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe
[2012.06.13 18:08:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 18:08:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 18:01:11 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.13 18:00:41 | 000,001,962 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2012.06.13 17:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 17:58:56 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 17:53:19 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2012.06.13 15:12:35 | 000,001,889 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\ShadowExplorer.lnk
[2012.06.13 15:10:55 | 000,937,024 | ---- | M] (ShadowExplorer.com ) -- C:\Users\Hans-Peter\Desktop\ShadowExplorer-0.8-setup.exe
[2012.06.13 14:53:12 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.13 14:53:12 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.13 12:03:38 | 000,019,458 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\DecryptHelper-0.5.jar
[2012.06.13 11:55:37 | 000,231,887 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\Trojan.Ransom.HM-Decrypt_v1.zip
[2012.06.13 11:31:42 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.13 11:31:42 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.13 06:47:33 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHans-Peter.job
[2012.06.13 00:56:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.13 00:55:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hans-Peter\Desktop\mbam-setup.exe
[2012.06.11 21:39:07 | 000,046,825 | ---- | M] () -- C:\Users\Hans-Peter\Documents\Tabelle.zip
[2012.06.03 23:01:15 | 000,002,983 | ---- | M] () -- C:\Users\Hans-Peter\Desktop\BMW_M_Logo_WP01.jpg
[2012.06.01 10:21:09 | 000,007,627 | ---- | M] () -- C:\Users\Hans-Peter\AppData\Local\Resmon.ResmonCfg
[2012.06.01 09:24:33 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 09:24:33 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 09:24:33 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 09:24:33 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 09:24:33 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 13:09:54 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.05.29 13:09:50 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.05.23 09:04:09 | 000,010,468 | ---- | M] () -- C:\Users\Hans-Peter\Documents\Widerrufsbelehrung.pdf
[2012.05.22 05:47:44 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHANS-PETER-PC$.job
[2012.05.21 21:24:56 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012.05.21 21:24:56 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012.05.21 21:24:56 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012.05.16 23:06:04 | 000,348,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 10:20:56 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Peter\defogger_reenable
[2012.06.14 10:19:38 | 000,050,477 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\Defogger.exe
[2012.06.13 18:01:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.13 17:53:19 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2012.06.13 15:12:35 | 000,001,889 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\ShadowExplorer.lnk
[2012.06.13 14:53:12 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.13 14:53:12 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.13 14:53:11 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.13 12:03:38 | 000,019,458 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\DecryptHelper-0.5.jar
[2012.06.13 11:55:37 | 000,231,887 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\Trojan.Ransom.HM-Decrypt_v1.zip
[2012.06.13 00:56:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 21:39:06 | 000,046,825 | ---- | C] () -- C:\Users\Hans-Peter\Documents\Tabelle.zip
[2012.06.03 23:01:15 | 000,002,983 | ---- | C] () -- C:\Users\Hans-Peter\Desktop\BMW_M_Logo_WP01.jpg
[2012.06.02 13:42:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHans-Peter.job
[2012.05.23 09:04:08 | 000,010,468 | ---- | C] () -- C:\Users\Hans-Peter\Documents\Widerrufsbelehrung.pdf
[2012.02.28 20:35:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.26 12:00:03 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2012.01.01 19:37:31 | 001,302,861 | ---- | C] () -- C:\ProgramData\IMG_0592.mov
[2011.09.18 19:53:55 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.18 19:53:55 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.14 19:51:41 | 000,001,854 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Roaming\GhostObjGAFix.xml
[2011.03.08 00:29:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.25 23:23:31 | 000,007,627 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Local\Resmon.ResmonCfg
[2011.02.17 21:10:48 | 000,000,004 | ---- | C] () -- C:\Users\Hans-Peter\AppData\Roaming\wklnhst.dat
[2011.02.12 23:11:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.12 18:43:22 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.02.12 18:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.12 18:34:17 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011.02.12 18:34:17 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011.12.25 15:53:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Azureus
[2012.06.12 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Babylon
[2012.06.13 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\BabylonToolbar
[2011.10.01 12:07:56 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoft
[2011.04.24 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.24 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\elsterformular
[2012.06.13 00:33:52 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\FreeArc
[2011.02.13 16:03:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\GetRightToGo
[2011.12.21 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\gtk-2.0
[2011.11.19 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Hobbyist Software
[2011.12.12 11:47:36 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\ManyCam
[2012.02.19 00:07:51 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Need for Speed World
[2012.05.12 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Nokia
[2011.02.12 19:47:40 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Opera
[2012.05.12 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\PC Suite
[2011.11.16 20:48:16 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\redsn0w
[2012.03.07 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Systweak
[2011.08.29 21:26:09 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Template
[2012.06.13 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUp Software
[2012.03.30 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\TuneUpMedia
[2011.02.23 02:00:02 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Verbindungsassistent
[2011.04.13 00:56:59 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\Windows Live Writer
[2012.06.13 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Peter\AppData\Roaming\www.shadowexplorer.com
[2012.06.13 18:01:11 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.11.02 23:10:30 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 14.06.2012 10:24:15 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Hans-Peter\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 59,07% Memory free
7,73 Gb Paging File | 5,31 Gb Available in Paging File | 68,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,58 Gb Total Space | 339,84 Gb Free Space | 75,09% Space Free | Partition Type: NTFS
Drive D: | 12,88 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 94,93 Mb Free Space | 95,87% Space Free | Partition Type: FAT32
Drive F: | 2,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HANS-PETER-PC | User Name: Hans-Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A4726C-946B-4A35-A85C-50E49003233D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D4F05BF-4A32-4359-B694-4BCC37ED4D29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{150AB002-607D-42B8-9605-AFB7D34A3526}" = rport=138 | protocol=17 | dir=out | app=system |
"{1916AA29-619A-4F62-9673-571653E4B68B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27B6C035-8D1A-4D1F-89C5-CA6B7F7090F5}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F447FA2-7C31-4C10-A635-218D57C3CD88}" = rport=137 | protocol=17 | dir=out | app=system |
"{41B3A0C4-3DED-4BB0-86DC-23E31317D2AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AF0ED2A-DB94-437C-A829-BFDFF33E00A2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F465E82-5B7C-4976-B868-856387DA8655}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A50F88E-B222-4120-94C4-FA8658171A76}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C20B042-457D-4453-B153-22D28F3AF023}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6FA5A89B-C8CC-4C2B-8155-6544615FDCC1}" = lport=139 | protocol=6 | dir=in | app=system |
"{7080A826-B2FF-441B-B207-52918C1AD08B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E92E04B-2904-4344-AA77-E86B21CFA10F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89E7325A-B3B4-4C0C-8103-6898DC4DDB13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93AC6364-FA03-46CC-8D60-218460E149B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A10E1AE3-F468-464D-B3CB-199C319536FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A84B6FC2-15F0-418D-9C43-6AC8C73A3A4A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBD6BA45-8CE8-4C49-B4E7-485C9585158C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C75CA48F-B61C-4BD8-BD68-BC6EBF8613E4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DCE999DE-7076-44C6-BDA4-5316EEF6952B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4CBEEFA-E8D7-4B63-81F6-B6BE1A0057E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ED160436-4E92-48C4-8A17-85F11F63F83B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3316B69-5E09-40C4-833A-FDB6729B91F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F73DB563-7353-45F8-977D-AEF75A112EB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F882033B-2F0C-472A-8F60-34E5FCE61398}" = lport=137 | protocol=17 | dir=in | app=system |
"{FC43EC05-8396-4E65-8F07-255B988D8603}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FF0DF3-F9B6-450B-8500-2A776F7F9862}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{10156FEA-E353-45B5-BA71-80E4BCC9BF4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{139411B2-42A7-4286-BE09-8FE71F47E65A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15A0E65A-CFFA-4A08-8F72-57EE7949129C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{179449A0-239E-4EE1-A3A7-2BF976B26171}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{2A356317-EB72-49EE-AC85-04927D638BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{2D70C6A2-83B8-490B-BCAC-E81F30E8DF64}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2E229E83-E053-401F-AA8B-37E21B6110F3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1297545160\ee\aolsoftware.exe |
"{33EE9A21-0AD3-4552-A4B5-5B2ABF04EA73}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{375F1205-18D4-483A-9951-28B32FFC64E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3B76F13D-73A8-402F-9BDB-3D363FE045E1}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{3D1733C6-CCC5-4601-8873-21D23E90B9F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3EE85647-FC12-4E99-B177-2B12812BE53D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3FB9E1DB-AE07-4D59-B518-A76DE2C0920D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4C19C657-0476-4F99-80B5-4A973BC57C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{563550BA-3E8C-4D1F-8637-C00719D65DA7}" = protocol=6 | dir=out | app=system |
"{5F5B15D6-593D-465E-B918-7B46B8995B30}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64972AA2-0CB0-47A2-952D-ECAED6ECEC8F}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{65A219A7-B1CB-43F4-9252-07A62A15CEB5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{661A4409-E2BA-484C-8958-D80A700175F3}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{72C3088F-5394-460E-89AF-C966755B6010}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{78234CFD-F6F8-4AAA-9BA4-9B7752590365}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BC6CC3A-B0FD-4CA3-8AB7-E8171E6F2679}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{8132DC6E-81EC-4848-BD26-7A4A999980C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{818E331B-ED67-4D69-AE57-835611012009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84FA3368-4957-432A-8BA4-DBFA87F4D646}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{86719BC2-50F4-4F15-B59D-60F0E0A0340D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{968FE89E-0BF5-4B53-BBCC-DE8C88980AF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97512723-4D2F-4B57-B971-727B06820FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{A040E550-355F-4FE4-AF7A-9150A5694092}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1297545160\ee\aolsoftware.exe |
"{A375F652-940A-4A57-A46F-3261AC91B196}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{A664C89D-0542-4A67-9C57-6B3D92CAECD6}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.0 vr\waol.exe |
"{ABC52FA6-16F5-4BD4-A082-1B93E2F4FB34}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ABF995A6-81D3-410D-BB0A-27FA3F2FD943}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B04504E4-276D-4101-BE6D-7D6747A222D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B18B0AA9-1528-4B7A-A699-6932EBD820F2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{B1D65436-49B8-4882-94EB-E47B12D7BFAF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{B270C5A1-8CEC-4BE3-8A86-10F33732F45A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BC6BBD13-B1C4-4593-B89F-381EEA8AA065}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C0D9C258-EB9A-4B4D-88F9-4B1E6584245E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.0 vr\waol.exe |
"{C27F0A15-0062-47DD-B6E0-E7C9F3E34C8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C56484B1-37BC-471F-8B2F-4EAA17AC02D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C67A34EB-375A-4D5F-A75E-D1959D192E0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C70389F4-BB35-4BF2-9729-CCCB8DF4A13A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D53AF265-C7BD-44C6-BAB5-9CA8385126BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DAC4EAFA-A065-47D0-A126-DD5034AA6CD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC7BAFD3-57F8-48FD-87E2-337C69B8CF47}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DD7717B5-CB61-40A9-B908-5736820A5F81}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E0686CE0-CA91-4452-9D7C-26F7034276B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E094168C-B6B4-4BD3-AB1A-0538160D2846}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{E7CFBCBC-702F-431F-93A6-083D95FF1D3B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{EB1259DA-FA74-40C4-A0AC-3C45172D1F32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2E46166-3E44-4C9D-AD23-2D663E8C4B4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3D753E1-4700-41FC-9626-2C2405F44122}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F50D615B-5470-4AA7-8ED0-17B0A11B6C8D}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{F6BFE979-3890-4D70-B8D1-DD13A8D403A0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{03EAE3D0-A6E9-4B85-84D2-BABBD7634471}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{3D9FFBEE-F222-4F6F-AEF5-1E91D930AA87}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{60683587-D6FA-45DA-944D-21C1E9900777}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |
"TCP Query User{9FD39F81-5401-4AB0-8345-7C4B78A8B371}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{E05BFF43-8280-484F-87E8-BAAC7DC6847A}C:\alle seck\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\alle seck\tinyumbrella-5.00.09.exe |
"UDP Query User{157A63B3-0063-4226-96C0-79F037BEA3B1}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |
"UDP Query User{5F97FBB8-2EAB-4B80-98F9-2AC95AAF1E2B}C:\alle seck\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\alle seck\tinyumbrella-5.00.09.exe |
"UDP Query User{98B596DD-6A10-488C-96FC-FB945B9815CD}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{C8577B3A-0FD6-4257-BC86-120B5DC9850E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E6DB7862-8DAC-4031-B28C-BBB20315B017}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{93B49FE1-0C81-479B-986A-D50DDA80E2C6}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B0BF4E84-0EE3-4E47-B90E-27B40348E022}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"EPSON Stylus SX400 Series" = Druckerdeinstallation für EPSON Stylus SX400 Series
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3C867AA0-22EC-4B27-8C60-A354AA37D68C}_is1" = RAW Image Viewer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"AOL Deinstallation" = AOL Deinstallation
"AOL Toolbar 4.0" =
"Auction Designer_is1" = Auction Designer 1.0.10
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carom3D" = Carom3D
"CDex" = CDex - Open Source Digital Audio CD Extractor
"conduitEngine" = Conduit Engine
"EasyBits Magic Desktop" = Magic Desktop
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FreeArc" = FreeArc 0.666
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Live TV Toolbar" = Live TV Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"ManyCam" = ManyCam 2.6.60 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"mp3-2-wav" = mp3-2-wav converter 1.14
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.50.1074" = Opera 11.50
"Opera 11.64.1403" = Opera 11.64
"PhotoStage" = PhotoStage Slideshow Producer
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Videodatei-Konverter
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Tansee iPhone Copy_is1" = Tansee iPhone Copy 5.0.0.0
"Tansee iPhone Transfer Contact_is1" = Tansee iPhone Transfer Contact
"Tansee iPhone Transfer SMS_is1" = Tansee iPhone Transfer SMS
"Tansee iPhone Transfer_is1" = Tansee iPhone Transfer v5.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"TuneUpMedia" = TuneUp Companion 2.2.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbindungsassistent" = Verbindungsassistent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC Streamer_is1" = VLC Streamer 1.50
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinZip Self-Extractor" = WinZip Self-Extractor

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.05.2012 06:51:21 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8081

Error - 29.05.2012 06:51:21 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8081

Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9095

Error - 29.05.2012 06:51:22 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9095

Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10171

Error - 29.05.2012 06:51:23 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10171

Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11263

Error - 29.05.2012 06:51:24 | Computer Name = Hans-Peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11263

[ Hewlett-Packard Events ]
Error - 28.04.2012 08:18:41 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 05.05.2012 04:57:09 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 05.05.2012 05:16:36 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 12.05.2012 13:52:09 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 19.05.2012 09:04:34 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 26.05.2012 17:56:53 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 02.06.2012 07:32:40 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 02.06.2012 07:41:48 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 09.06.2012 09:45:07 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

Error - 12.06.2012 01:04:23 | Computer Name = Hans-Peter-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3957 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

[ System Events ]
Error - 12.06.2012 18:36:05 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP

Error - 12.06.2012 18:37:42 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.

Error - 12.06.2012 18:37:42 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053

Error - 12.06.2012 18:37:51 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 13.06.2012 00:47:06 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 13.06.2012 00:47:06 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 13.06.2012 00:47:52 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP

Error - 13.06.2012 11:53:47 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 13.06.2012 11:53:47 | Computer Name = Hans-Peter-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 13.06.2012 12:00:56 | Computer Name = Hans-Peter-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP


< End of report >
Ich hoffe, ich habe das als absoluter Laie richtig gemacht
Liebe Grüße
Hans-Peter

Alt 15.06.2012, 20:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt - Standard

Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt



Du hast Malwarebytes installiert aber kein einziges Log davon gepostet!

Allgemeine Hinweise bzgl. des Verschlüsselungstrojaners:

Zur Entschlüsselung/Wiederherstellung bitte die fette Hinweisbox oben beachten!


Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Eine Notlösung für Vista und Win7-User => http://www.trojaner-board.de/115496-...erstellen.html

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!


Man darf sich aber keine falschen Hoffnungen machen. Mittlerweile sieht es finster aus => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html
__________________

__________________

Antwort

Themen zu Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt
ad-aware, antivir, autorun, avira, bho, bonjour, conduit, converter, error, fast start, firefox, flash player, format, google earth, home, install.exe, logfile, microsoft office word, mp3, netzwerk, realtek, registry, rundll, safer networking, scan, searchscopes, security, security scan, software, svchost.exe, symantec, tarma, udp, usb 2.0, version=1.0, windows, yontoo



Ähnliche Themen: Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt


  1. Reparaturanleitungen für Dateien vom Verschlüsselungstrojaner "12 kB / neue Version"
    Diskussionsforum - 15.05.2017 (193)
  2. Trojaner verschlüsselt Dateien ( Locked )
    Log-Analyse und Auswertung - 07.01.2014 (5)
  3. Wichtige Dateien durch Virus verschlüsselt "Read to Decrypt!"
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (9)
  4. Verschlüsselungstrojaner ohne Dateiname und locked
    Log-Analyse und Auswertung - 24.01.2013 (2)
  5. Verschlüsselungs-Trojaner (ohne Dateiname "locked-...")
    Diskussionsforum - 06.09.2012 (5)
  6. wie "Locked" dateien entschlüsseln?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  7. Entschlüsseln von Dateien die nicht "locked" im Namen haben
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  8. Verschlüsselungstrojaner ohne "locked"
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (2)
  9. Dateien bleiben Verschlüsselt "Windows Update Verschlüsselungstrojaner"
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (1)
  10. Pay-/Verschlüsselungs-Trojaner -- Ohne "locked" Dateien ?
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  11. Verschlüsselungstrojaner, alle Dateien "locked" Verfahrensweise?
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (4)
  12. UKash - Dateien verschlüsselt, aber NICHT "locked" oder wirre Namen
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  13. Verschlüsselungstrojaner ohne locked-Prefix
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  14. Verschlüsselungstrojaner "Windows Update" (Rechnung.zip) incl. Sperrung aller Dateien
    Log-Analyse und Auswertung - 31.05.2012 (3)
  15. Verschlüsselungstrojaner hat zugeschlagen - Dateien sind ohne "Lock" Bezeichnung
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  16. Verschlüsselungstrojaner - ohne "locked" - im Dateinamen
    Log-Analyse und Auswertung - 24.05.2012 (2)
  17. Dateien nicht "locked--" sondern QWCiPhErEd
    Diskussionsforum - 01.05.2012 (3)

Zum Thema Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt - Hallo Ich habe mir vorgestern einen Verschlüsselungstrojaner eingefangen. Via email-Anhang. ( Vermeindliche Rechnung) Nachdem der Ukash-Bildschirm erschien, bin ich in den abgesicherten Modus und habe Avira laufen lassen. Dieser fand - Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt...
Archiv
Du betrachtest: Verschlüsselungstrojaner ohne "Locked"/ Dateien verschlüsselt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.