
Pests of all kinds and how to fight them: PC infected with the Windows Update Trojan


16.06.2012, 10:56   #1
krakatitt

PC infected with the Windows Update Trojan



Hello, by carelessly opening an e-mail attachment I infected my PC with the Windows Update Trojan. I was able to boot my PC from another hard drive with a clean system, but I would rather not reinstall all my programs. The infected system is on the D drive. I have carried out the recommended steps and am attaching the contents of the text documents. If there is a solution other than a complete reinstallation, I would be very grateful.

Text contents:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan Golea :: MUSICPC [Administrator]

Schutz: Aktiviert

15.06.2012 12:32:32
mbam-log-2012-06-16 (11-36-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 929061
Laufzeit: 4 Stunde(n), 24 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Music Converter (Adware.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.InstallCore) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Stefan Golea\AppData\Roaming\CCenter (Rogue.ControlCenter) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\Program Files\Vienna Ensemble Pro\Directory Manager.exe (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\FoxTabMusicConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\MusicConverterSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\PDFCreatorSetup.exe (Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_virtualdub.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_windows-installer.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_winvistaside-updateinstaller-fur-windows-7.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\Downloads\VideoConverterSetup.exe (Adware.InstallCore) -> Keine Aktion durchgeführt.
D:\Program Files\Vienna Ensemble Pro\Directory Manager.exe (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\Stefan Golea\AppData\Roaming\CCenter\settings.ini (Rogue.ControlCenter) -> Keine Aktion durchgeführt.

(Ende)

OTL logfile created on: 16.06.2012 01:27:09 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Stefan Golea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 56,47% Memory free
16,00 Gb Paging File | 12,11 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 256,53 Gb Free Space | 36,72% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 276,33 Gb Free Space | 59,33% Space Free | Partition Type: NTFS
Drive F: | 19,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,28 Gb Total Space | 504,06 Gb Free Space | 54,13% Space Free | Partition Type: FAT32
Drive I: | 465,64 Gb Total Space | 230,45 Gb Free Space | 49,49% Space Free | Partition Type: FAT32

Computer Name: MUSICPC | User Name: Stefan Golea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.06.15 14:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.27 15:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
PRC - [2012.02.27 08:33:27 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan Golea\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.03 14:43:38 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2012.02.02 03:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Stefan Golea\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.12 06:44:56 | 000,210,744 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.06.22 21:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\Stefan Golea\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011.06.22 21:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\Stefan Golea\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe
PRC - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.01.20 13:04:14 | 000,370,688 | -H-- | M] (SanDisk Corporation) -- C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.10.26 18:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2010.10.26 18:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010.03.09 01:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009.05.05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.07.12 11:11:34 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.27 15:44:20 | 000,057,344 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2012.02.27 15:44:20 | 000,049,152 | ---- | M] () -- C:\Programme\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2012.02.17 11:18:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.14 10:31:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
MOD - [2011.10.14 10:29:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 10:29:38 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.14 09:53:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011.10.14 09:53:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.14 00:47:16 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011.10.14 00:47:04 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.10.14 00:46:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.14 00:46:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.14 00:46:55 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.10.14 00:46:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011.10.14 00:46:52 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.14 00:46:47 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.06.09 09:51:09 | 000,055,816 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
MOD - [2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.30 00:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2010.02.23 22:53:22 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
MOD - [2007.07.12 11:11:34 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007.07.12 11:11:34 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007.07.12 11:11:32 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007.07.12 11:11:32 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007.07.12 11:11:16 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007.07.12 11:11:10 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011.12.13 10:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2012.06.14 08:28:09 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.13 10:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.11 17:13:49 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011.12.01 11:06:03 | 000,167,696 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011.12.01 11:06:03 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011.12.01 11:06:03 | 000,091,920 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011.12.01 11:06:03 | 000,070,928 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.06.28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011.04.13 16:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.05 15:22:32 | 000,051,200 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusbaudio.sys -- (FFUsbAudio)
DRV:64bit: - [2010.01.25 10:00:18 | 000,214,368 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Saffire.sys -- (Saffire)
DRV:64bit: - [2010.01.25 10:00:18 | 000,043,616 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireMidi.sys -- (SaffireMidi)
DRV:64bit: - [2010.01.25 10:00:18 | 000,038,880 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireAudio.sys -- (SaffireAudio)
DRV:64bit: - [2010.01.16 11:31:49 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.05 22:46:22 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.12.09 10:45:30 | 000,044,560 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1avs_x64.sys -- (ak1avs_x64)
DRV:64bit: - [2008.12.09 10:45:27 | 000,233,488 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ak1usb_x64.sys -- (ak1usb_x64)
DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2007.08.21 09:34:58 | 000,021,280 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=bafebd2a0000000000000021851242a9
IE - HKCU\..\SearchScopes\{5F437C28-9CD1-4424-921D-293F1842F95E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{644AC527-9224-40F7-B0CD-01F06752B211}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=610C0FE2-11FC-4A21-842E-9B5FACD4D08F&apn_sauid=DCA17F15-1824-4421-8FFE-A0E22F7A28D2&
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE421
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4b4ba715&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541580864951385
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Stefan Golea\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Stefan Golea\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Shiretoko 3.5.6\extensions\\Components: C:\PROGRAM FILES (X86)\SHIRETOKO\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Shiretoko 3.5.6\extensions\\Plugins: C:\PROGRAM FILES (X86)\SHIRETOKO\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012.06.14 07:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.06.14 07:54:13 | 000,000,000 | ---D | M]

[2010.02.23 23:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Extensions
[2010.02.12 13:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.30 17:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions
[2010.06.24 12:26:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.30 18:11:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.15 13:31:15 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011.05.19 19:03:46 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\engine@plasmoo.com
[2011.11.30 17:24:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\ffxtlbr@babylon.com
[2011.08.03 09:37:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Stefan Golea\AppData\Roaming\mozilla\Firefox\Profiles\07hdiwtr.default\extensions\plugin@yontoo.com
[2011.06.10 10:29:42 | 000,002,398 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\askcom.xml
[2010.03.04 11:38:32 | 000,000,873 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\conduit.xml
[2011.09.27 13:36:26 | 000,002,207 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\MyStart Search.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Roaming\Mozilla\Firefox\Profiles\07hdiwtr.default\searchplugins\plasmoo.xml
[2011.11.28 14:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.19 11:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.13 10:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.24 10:49:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 15:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 13:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.25 10:35:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.24 12:07:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.0.1086\7.0.1086\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\STEFAN GOLEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07HDIWTR.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.02 21:27:42 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Stefan Golea\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Stefan Golea\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Windows\DOWNLO~1\NpFv522.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: ProxyTube = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmbofoofebojccpdnfhnegmiifdgpfg\1.3.0_0\
CHR - Extension: Google-Suche = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Stefan Golea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Stefan Golea\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Stefan Golea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan Golea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stefan Golea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED233939-003B-4367-A27F-293C429D384E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - Unable to obtain root file information for disk I:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.15 14:06:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe
[2012.06.15 12:31:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan Golea\AppData\Roaming\Malwarebytes
[2012.06.15 12:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 12:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 12:31:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.15 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Stefan Golea\*.tmp files -> C:\Users\Stefan Golea\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.16 01:24:07 | 000,000,020 | ---- | M] () -- C:\Users\Stefan Golea\defogger_reenable
[2012.06.16 00:40:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 17:37:51 | 001,538,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.15 17:37:51 | 000,669,180 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.15 17:37:51 | 000,630,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.15 17:37:51 | 000,134,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.15 17:37:51 | 000,111,116 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.15 14:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Golea\Desktop\OTL.exe
[2012.06.15 13:54:51 | 000,050,477 | ---- | M] () -- C:\Users\Stefan Golea\Desktop\Defogger.exe
[2012.06.15 12:31:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.15 11:12:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 11:12:54 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 11:04:21 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 11:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 11:03:42 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 12:42:41 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.14 08:36:10 | 000,885,995 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\census.cache
[2012.06.14 08:36:10 | 000,152,135 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\ars.cache
[2012.06.14 08:36:10 | 000,000,036 | ---- | M] () -- C:\Users\Stefan Golea\AppData\Local\housecall.guid.cache
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Stefan Golea\*.tmp files -> C:\Users\Stefan Golea\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.16 01:24:06 | 000,000,020 | ---- | C] () -- C:\Users\Stefan Golea\defogger_reenable
[2012.06.15 13:54:51 | 000,050,477 | ---- | C] () -- C:\Users\Stefan Golea\Desktop\Defogger.exe
[2012.06.15 12:31:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 08:34:53 | 000,885,995 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\census.cache
[2012.06.14 08:34:43 | 000,152,135 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\ars.cache
[2012.06.14 08:19:14 | 000,000,036 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\housecall.guid.cache
[2011.11.25 12:33:43 | 000,994,304 | ---- | C] () -- C:\Windows\SysWow64\veproshared32.dll
[2011.11.18 15:06:17 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.11.18 15:06:17 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.11.18 15:04:39 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.11.18 15:04:38 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.11.18 15:04:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.11.18 15:04:22 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.10.31 17:01:16 | 000,001,547 | ---- | C] () -- C:\Windows\SysWow64\privatedata.dll
[2011.10.07 09:47:38 | 000,000,021 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\mc.pixel.data
[2011.09.27 13:36:24 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.09.15 09:35:45 | 000,000,624 | -H-- | C] () -- C:\Program Files (x86)\Common Files\_Z3
[2011.09.15 09:35:05 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.07.22 09:51:39 | 000,006,656 | ---- | C] () -- C:\Users\Stefan Golea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 14:47:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.06.20 14:47:12 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.06.22 11:50:23 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys

========== Files - Unicode (All) ==========
[2010.06.18 00:26:37 | 000,010,970 | ---- | M] ()(C:\Users\Stefan Golea\Documents\????? ?? ???????.docx) -- C:\Users\Stefan Golea\Documents\Книги не говорят.docx
[2010.06.18 00:26:37 | 000,010,970 | ---- | C] ()(C:\Users\Stefan Golea\Documents\????? ?? ???????.docx) -- C:\Users\Stefan Golea\Documents\Книги не говорят.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 1263 bytes -> C:\ProgramData\Microsoft:O75E0hVVOERYXwa17Xx295Rmv
@Alternate Data Stream - 1221 bytes -> C:\ProgramData\Microsoft:NAZos8Pm1CjfYscjs

< End of report >

OTL Extras logfile created on: 16.06.2012 01:27:09 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Stefan Golea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 56,47% Memory free
16,00 Gb Paging File | 12,11 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 256,53 Gb Free Space | 36,72% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 276,33 Gb Free Space | 59,33% Space Free | Partition Type: NTFS
Drive F: | 19,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,28 Gb Total Space | 504,06 Gb Free Space | 54,13% Space Free | Partition Type: FAT32
Drive I: | 465,64 Gb Total Space | 230,45 Gb Free Space | 49,49% Space Free | Partition Type: FAT32

Computer Name: MUSICPC | User Name: Stefan Golea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FDE6ABC-94C9-4438-BF57-1669351DC53F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B1AEB64-E55A-4E31-A557-9D7A112CFA81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D911975-D61E-457B-8A0E-D77281C821B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4344A4A7-2EBE-45AE-8507-64D7EB83E0F0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{6A3D0668-3699-4B86-81E4-F90EC7CDC75D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{83693EFE-B897-4EA2-9752-7C2FAADC36D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DBAE2F7-9424-4CF5-8D93-AD73BF2ABDCF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A26CF444-2680-4A4F-B866-AEA5953570BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C08CAF3F-03CB-414D-A4D3-FECC9C820DC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEADA4F6-0137-4636-9E88-70146A7C0925}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DDB16C05-264D-4EF5-8BC1-2D7C94808AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6840118-50B1-46BC-B7D5-171BD5237E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7C7B440-282A-4561-AC48-746F4B5106CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE4FD6FC-28CB-4323-BDCA-9CDD06F94FCB}" = lport=50846 | protocol=6 | dir=in | name=akamai netsession interface |
"{FE86BC60-4D43-4502-B642-0B08BDE8B016}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0905CE9D-31A8-43B0-AF6D-41502B1275B7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0DA4EBB2-A224-4217-8256-994641117D83}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{12D50141-4155-4180-A09D-841E4B7A4A5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ACAC894-1909-473E-8A93-C9FD0B6A0985}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{237613DA-6FCE-4FAB-B5AD-45061AE48E93}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{244EE25B-A65A-4AC7-A29B-D29F39A9E345}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3196E703-41C5-4E14-AF26-31857125828F}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe |
"{3562EFBF-63D4-4026-960E-BBB6DD52A770}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3EFA7307-1F14-4403-B0B2-2A5FFDF5DCC1}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe |
"{41854755-0DC2-4AEE-9D89-61CE4381892F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{45625E5E-4B44-4CF1-AD2F-8EDA8180E2E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{54596796-F288-4161-81FC-011437970200}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5498A947-DD0D-4499-BC04-C26220F1544F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54D90A3B-63AD-4D9E-A49A-91C80FD19698}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{589026DB-59A3-40C7-BF9E-ECD9CEDC1178}" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe |
"{638FEE37-21BD-4EAC-8564-44DFE65DED58}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6DC3EF49-2CFE-47C1-B741-C1E0A57BB6B1}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe |
"{800C25E6-3B8C-4868-B645-39F12B6A1591}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8157990E-1382-43AE-99F6-930F49D1AB75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81C5B2B4-123C-457C-8FA7-827AC9230B63}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{89D4DDED-B055-4F3E-A5F5-E92BABCA1EB2}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8F1BE9EF-96A6-43D5-80FC-B1F7152FD0ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9165B066-6161-4CAC-925B-123F99B120AB}" = protocol=6 | dir=out | app=system |
"{961E51DE-8F94-4E2E-9068-F8B0DD39F6FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A7037832-5E58-40CB-BBCC-48F9D887034A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A8CE2BDF-C30D-4AE3-8C8A-D4AE90F22773}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A92BE722-DD98-4B38-9557-D0C128DF3C7B}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\local\akamai\netsession_win.exe |
"{ABB9D70C-9E71-40D6-8AC7-681AE4C7876B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA8C7F57-5BF9-4226-8EB7-CBF47991165A}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{C3106D9A-5798-42E1-B269-310B68120E09}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C5FB4A9D-C6C0-4854-8B4D-9AA1F0C9BEF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C83C7CB7-1A63-4ACD-A30C-6AFDA9C108FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D32A1AF2-16DC-491D-8AD7-ABE99ED31093}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D50DE2A8-3BBE-478A-8C9F-893D1AAF802D}" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe |
"{DAB5A1F1-8D28-4F32-A96F-9E9214256547}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{E3CFAF00-C88C-4DCD-AF34-7DBBBC43BA32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE855EED-2C42-4D7F-9C8B-E1B4518FF797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F22B993F-AB89-4517-9AFE-C2BE8259229C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F75474D3-3A7E-4A0D-BC3D-78F6A7EF4566}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD41051B-3EE2-4416-B345-F0088A770772}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE9806E1-8BA1-4A44-854C-6D1DE93A5D3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{68FAF071-9895-41BE-BBE3-F9AB39E54886}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7C13ADAE-B02E-48FF-A44B-63B62327C28A}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe |
"TCP Query User{84A1E367-9AD5-43C2-94E3-B18CA4FD8AC8}C:\program files\vienna ensemble pro\vienna ensemble pro x64.exe" = protocol=6 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro x64.exe |
"TCP Query User{8E8061E3-935D-43EA-B7D0-4B1FF9826058}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{92E6F394-AF75-4B4F-B6A7-BD26BB7C77D4}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe |
"TCP Query User{96DABA40-F91C-4B02-B099-136E22CAF76A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{9CB6D9AE-FBB0-4962-B855-E4C2E6272FA3}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe |
"TCP Query User{B33472C4-D96C-4972-9E8F-A9599E696164}C:\program files\vienna ensemble pro\vienna ensemble pro.exe" = protocol=6 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro.exe |
"TCP Query User{C25C9D0C-ABA9-4369-AB39-25CBB1935CB8}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe |
"TCP Query User{DC9AC11F-6CE4-4AEA-B6B1-A0DC99FE9F3E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{DE2D784A-17F7-4CFC-B0B2-87A3B335CBFB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{E773CFCB-373D-4C47-8B58-077BDD5EE5B4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{EB6A2E3C-AFE6-479D-9853-846D47FB4EFE}C:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1EFD4B87-8091-4DD9-AA07-11B0864EE58A}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\components\vstbridgeapp.exe |
"UDP Query User{25AE60E6-E7B2-413A-80C3-29632E2892B6}C:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stefan golea\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{29E63DC1-27A3-446B-BDB5-D4877E614798}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{551A8799-9421-44CF-A499-8E5E9ADF1169}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe |
"UDP Query User{6AC4A7C0-7971-4B15-957A-FFB708441814}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7F0F2121-8B0E-47D6-AAC5-8D671BB5B2F2}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{818717ED-4251-4F86-ADB5-629EEFE56D7C}C:\program files\vienna ensemble pro\vienna ensemble pro.exe" = protocol=17 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro.exe |
"UDP Query User{824C3677-BA0D-4376-AE08-1C2365EA264F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8D46A837-614D-42CF-939C-AE11912321D3}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe |
"UDP Query User{A58A1062-634F-4019-A5CE-971CE4A45D2A}C:\program files\steinberg\cubase 6\cubase6.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 6\cubase6.exe |
"UDP Query User{B7E6A259-0E71-4E31-8EC7-A4226EFA2AB8}C:\program files\vienna ensemble pro\vienna ensemble pro x64.exe" = protocol=17 | dir=in | app=c:\program files\vienna ensemble pro\vienna ensemble pro x64.exe |
"UDP Query User{C45EFB35-52A4-488C-BD95-DE31DF9C392D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EF144E12-19B1-4E26-8F7C-8749A2177A18}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6CCD2B-DF70-4E77-B002-3208B1976D3C}" = Steinberg HALion 3 64bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{110C673D-E8C1-44C6-85D3-4BD29513FC88}" = Native Instruments Acoustic Refractions
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{199c6b63-fcb2-49f4-9859-ff78ddd0bb90}" = Native Instruments Scarbee Clavinet Pianet
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{45da1e94-82eb-4778-be0d-47c8d9e8451b}" = Native Instruments Scarbee Mark I
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{52931732-892F-4D54-A84A-3EDE25F9BCA2}" = Native Instruments Komplete 7
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5cd7e481-59d1-4961-a964-019f162b1f27}" = Native Instruments Scarbee A-200
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{6347E7B5-806F-4302-906A-05C62CCEA502}" = Tpkd x64
"{65B7E38D-10F8-4B1A-8EE3-BF2362CF12AE}" = Native Instruments Kontakt 4 Factory Content
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B5DCC899-D29E-43E0-A445-F7BF0F571017}" = Steinberg HALion Sonic 64bit
"{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C6651CD0-4892-4465-96AC-C9864A695FF9}" = Steinberg Cubase 6 64bit
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{dc8b9571-8363-44c2-85e0-ea13ab89d032}" = Native Instruments Vienna Concert Grand
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7B8AA38-EB63-4360-B09D-FDE7BAA52C3A}" = Steinberg HALion Symphonic Orchestra 64bit
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Focusrite USB Audio Driver_is1" = Focusrite USB Audio Driver 1.8
"HP LaserJet M1522" = HP LaserJet M1522 MFP Series 1.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers
"Saffire PRO 40_is1" = Saffire MixControl 2.0
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"Vienna Ensemble Pro_is1" = Vienna Ensemble Pro 5.0.9687
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1312306D-F0A5-4B64-BA34-AC6169A3A098}" = Steinberg HALion Symphonic Orchestra VST Sound Instrument Set
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1864B4F0-7777-4A57-9930-C2B307597966}" = MusicLab RealGuitar 2.0
"{1864B4F0-7777-5A57-9930-C2B307597966}" = MusicLab RealGuitar
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AA20A3E-B833-4309-9155-8A15D479D46F}" = Steinberg HALion Sonic Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C74EC44-ECCE-4C3E-8DFC-236D7052F5AD}" = hppscanM1522
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C073C77-36A9-421B-8EA8-2F40D39DB131}" = Steinberg Sequel Content Set ChillOut
"{3E487A7F-2F7E-4D96-9103-C77968CCBD45}" = hpzTLBXFX
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{591B2FA3-E8BC-4163-B1E8-0723DFB67E1D}" = SanDisk ® Media Manager
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DEF53CC-4512-4BE3-BA49-89BEDE0B7917}" = hppLJM1522
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}" = Sibelius 7 OpenType Fonts
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1" = Sonalksis Plug-in Manager 3.00
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0
"{82327AE2-4C5D-46F7-AAE2-2D4BEC7AA60D}" = hppManualsM1522
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC253CE-E37F-48F2-AC01-CDA7C0ABB30D}" = hppTLBXFXM1522
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9606A332-1C71-466F-873C-C47CA3B53E7D}" = hppScanTo
"{99E8E2CD-53AF-487D-86C0-E0DBD2AF4168}" = hppusgM1522
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B31F8DD0-002C-4ED7-A6D4-E275C4A92E66}" = Steinberg Instrument Set Synthesizers
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BB909FED-3963-4CCC-A538-92F5022C3818}" = hppFaxDrvM1522
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1" = Focusrite Plug-in Suite 1.0.2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E6B586A0-6C65-4AD3-8347-233E7610EE23}_is1" = Sibelius Sounds Choral for Sibelius 6
"{ED9A9F6F-63CD-40F2-837B-5E1319E86692}" = Scan
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F533A90F-4E9E-4A17-A085-BD285B6AA57A}" = Sibelius Scorch (all browsers)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Akamai" = Akamai NetSession Interface Service
"BurnAware Free_is1" = BurnAware Free 4.5
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eLicenser Control" = eLicenser Control
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ElsterFormular 12.4.0.7094u" = ElsterFormular
"elysia niveau filter Native_is1" = elysia niveau filter Native 1.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"MuseScore" = MuseScore 1.1 MuseScore score typesetter
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Acoustic Refractions" = Native Instruments Acoustic Refractions
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete 7" = Native Instruments Komplete 7
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt 4 Factory Content" = Native Instruments Kontakt 4 Factory Content
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Scarbee A-200" = Native Instruments Scarbee A-200
"Native Instruments Scarbee Clavinet Pianet" = Native Instruments Scarbee Clavinet Pianet
"Native Instruments Scarbee Mark I" = Native Instruments Scarbee Mark I
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"OUTLOOKR" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"Sibelius 6_is1" = Sibelius 6.1.0.14
"Steinberg Groove Agent 3" = Steinberg Groove Agent 3
"Synergy" = Synergy
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WaveLabPro" = WaveLab 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.01
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"FoxTab Music Converter" = FoxTab Music Converter
"FoxTab PDF Creator" = FoxTab PDF Creator
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.06.2012 02:15:44 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.06.2012 02:16:25 | Computer Name = MusicPC | Source = WinMgmt | ID = 10
Description =

Error - 14.06.2012 05:28:43 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 14.06.2012 05:29:24 | Computer Name = MusicPC | Source = WinMgmt | ID = 10
Description =

Error - 14.06.2012 05:41:45 | Computer Name = MusicPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6607.1000,
Zeitstempel: 0x4e398dcd Name des fehlerhaften Moduls: OGL.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4e151f7e Ausnahmecode: 0xc0000005 Fehleroffset: 0x5ede617c
ID
des fehlerhaften Prozesses: 0x156c Startzeit der fehlerhaften Anwendung: 0x01cd4a11bd80eacc
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: OGL.DLL Berichtskennung: 273e0edf-b605-11e1-96da-0021851242a9

Error - 14.06.2012 06:08:06 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 15.06.2012 05:04:41 | Computer Name = MusicPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 15.06.2012 05:05:27 | Computer Name = MusicPC | Source = WinMgmt | ID = 10
Description =

Error - 15.06.2012 08:09:47 | Computer Name = MusicPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Stefan
Golea\Downloads\SoftonicDownloader_fuer_virtualdub.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 15.06.2012 08:09:49 | Computer Name = MusicPC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Stefan
Golea\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up (1).exe". Fehler
in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ OSession Events ]
Error - 26.05.2011 02:38:41 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.06.2011 13:27:39 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.08.2011 03:08:46 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.10.2011 05:40:27 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
seconds with 60 seconds of active time. This session ended with a crash.

Error - 13.10.2011 05:41:47 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 68
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20.11.2011 05:12:34 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03.12.2011 08:42:18 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 120
seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.02.2012 05:07:59 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.02.2012 02:17:06 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.06.2012 05:41:45 | Computer Name = MusicPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.06.2012 05:06:33 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error - 15.06.2012 05:06:33 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 15.06.2012 05:09:11 | Computer Name = MusicPC | Source = DCOM | ID = 10005
Description =

Error - 15.06.2012 05:09:11 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 09:05:43 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 09:06:06 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 13:57:22 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 13:57:41 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 18:57:49 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

Error - 15.06.2012 18:58:07 | Computer Name = MusicPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%5

[ TuneUp Events ]
Error - 04.05.2010 03:57:09 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:14 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:14 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:19 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:19 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:24 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:24 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:29 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:29 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 04.05.2010 03:57:31 | Computer Name = MusicPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

Kind regards
Attached files
File type: txt mbam-log-2012-06-16 (11-36-00).txt (5.8 KB, viewed 154 times)

18.06.2012, 13:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Quote:
C:\Users\Stefan Golea\Downloads\SoftonicDownloader_fuer_virtualdub.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software first and foremost directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.


Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed in the "Logdateien" (log files) tab. Please post all of them that are visible there.