Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Falsche Links in Google-Suche

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.09.2012, 14:02   #1
Susy
 
Falsche Links in Google-Suche - Frage

Falsche Links in Google-Suche



Hallo liebe Experten!

Ich hab auf meinem HP-Notebook (Win7pro 64 bit) seit ein paar Tagen das Problem, das hier im Forum schon öfter beschrieben wurde:
Bei der Google-Suche in Firefox und Chrome und beim anschließenden Klick auf "Link in neuem Tab öffnen" öffnet sich ein falscher Link, etwa zu Viewster oder irgendwelchen Reiseseiten oä., jedenfalls nicht der, den ich anzuklicken glaubte.

Avira-Guard ist im Hintergrund aktiv; ich bereinige regelmäßig mit CCleaner, muss nur leider zugeben, dass ich mit Windows-Updates (sehr) faul bin.
Ich habe heute zunächst einen Avira-Scan gestartet, der ergebnislos blieb. Auch der anschließende Malwarebytes-Scan meldete keine Funde. Ebensowenig ergab der Scan über HouseCall etwas, den mein Mann mir vorgeschlagen hat.

Ich mach mir trotzdem Sorgen, dass ich mir da was eingefangen habe und bitte um eure Unterstützung bei der Suche. Ich habe noch keine weiteren Schritte unternommen und warte, was ihr zu meinen Logfiles meint.

Vielen Dank im voraus und herzliche Grüße aus NÖ,
Susy

Hier meine OTL.txt:

Code:
ATTFilter
OTL logfile created on: 23.09.2012 13:03:19 - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = D:\_Setups\_System\Malware entfernen
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 78,10% Memory free
15,72 Gb Paging File | 13,86 Gb Available in Paging File | 88,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,78 Gb Total Space | 174,41 Gb Free Space | 77,59% Space Free | Partition Type: NTFS
Drive D: | 223,68 Gb Total Space | 105,23 Gb Free Space | 47,04% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,72% Space Free | Partition Type: FAT32
 
Computer Name: NB-SUSY2 | User Name: Susy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.23 12:41:44 | 000,601,600 | ---- | M] (OldTimer Tools) -- D:\_Setups\_System\Malware entfernen\OTL.exe
PRC - [2012.06.20 13:51:58 | 002,206,984 | ---- | M] (AgileBits) -- D:\Datenbanken\1Password\Agile1pAgent.exe
PRC - [2012.06.20 13:51:48 | 000,768,776 | ---- | M] (AgileBits) -- D:\Datenbanken\1Password\Agile1pService.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.17 01:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.07.26 14:09:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.30 15:55:00 | 004,910,592 | ---- | M] () -- C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010.04.05 19:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010.04.05 19:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2010.02.25 16:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.12.03 10:12:10 | 000,245,248 | ---- | M] () -- C:\Program Files\activAid\AutoHotkey\AutoHotkey.exe
PRC - [2009.11.25 03:57:20 | 000,627,976 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009.11.21 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009.11.04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.31 16:36:22 | 000,376,832 | ---- | M] () -- D:\Datenbanken\1Password\js3215R.dll
MOD - [2011.05.30 15:55:00 | 004,910,592 | ---- | M] () -- C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
MOD - [2011.02.04 15:24:38 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011.02.04 15:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010.12.12 12:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010.12.12 12:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010.12.12 12:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010.12.12 12:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010.12.12 12:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010.12.12 12:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010.05.23 20:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010.05.23 20:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2009.12.03 10:12:10 | 000,245,248 | ---- | M] () -- C:\Program Files\activAid\AutoHotkey\AutoHotkey.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.20 19:43:42 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012.03.20 19:43:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011.08.31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.06 10:36:36 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.06.03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010.02.18 15:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010.02.01 18:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010.02.01 18:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009.11.25 03:57:20 | 000,462,088 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009.11.20 00:14:32 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.08.03 22:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.21 18:35:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 07:47:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.20 13:51:48 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- D:\Datenbanken\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.07.26 14:09:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.06 10:34:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.05 19:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.18 15:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.19 00:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009.11.04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.20 19:43:43 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.07.26 14:09:01 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.26 14:09:01 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.20 01:08:54 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.05.20 01:08:54 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.09.11 01:15:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.03 17:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.04.21 17:00:30 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010.04.21 11:56:28 | 000,091,280 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yusbaud64.sys -- (yusbaud64)
DRV:64bit: - [2010.04.05 19:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.01 18:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2010.02.01 18:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2010.02.01 18:11:32 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.11.21 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.21 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.06 02:36:26 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.10.29 02:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.10.26 23:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.10.26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.29 01:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.09.17 22:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.17 22:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.09.17 22:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.09.17 22:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 16:55:00 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2009.08.26 12:45:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2009.08.03 22:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.21 00:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.26 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 12:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.02.13 12:35:46 | 012,379,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2010.02.01 18:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010.02.01 18:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010.02.01 18:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010.02.01 18:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.09.16 16:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.08.26 12:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008.02.13 12:34:50 | 012,067,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {E8E96765-A1D3-44EA-9102-639084622E71}
IE - HKCU\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.09.11 00:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 07:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.09 09:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.03.04 20:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Extensions
[2011.07.07 00:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.06 21:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions
[2011.07.22 19:57:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012.01.04 15:08:41 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.07.22 19:57:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.30 08:48:54 | 000,000,000 | ---D | M] (FEBE) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.04.09 20:08:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.09.04 14:02:41 | 000,000,000 | ---D | M] (WOT) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.07 12:17:11 | 000,000,000 | ---D | M] (HP Detect) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.06.09 01:01:01 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011.07.22 19:57:27 | 000,000,000 | ---D | M] (Unread Tabs) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{f57f9be0-5281-11d9-9669-0800200c9a664}
[2011.07.22 19:57:28 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\bitlypreview@jay.ridgeway
[2012.02.09 22:56:26 | 000,000,000 | ---D | M] (Cooliris) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\piclens@cooliris.com
[2011.07.22 19:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\temp
[2012.07.31 08:29:49 | 000,242,942 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\brief@mozdev.org.xpi
[2012.09.04 12:36:27 | 001,625,368 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\firebug@software.joehewitt.com.xpi
[2012.09.06 21:28:48 | 001,515,292 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\onepassword@agilebits.com.xpi
[2012.09.04 12:14:50 | 000,084,654 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.28 19:34:12 | 000,341,143 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.09.05 21:34:01 | 001,268,546 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.07.25 09:01:07 | 000,741,958 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.21 22:10:52 | 000,138,614 | ---- | M] () (No name found) -- C:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.07.12 07:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.12 07:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.10 07:47:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.18 11:32:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 07:47:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.18 11:32:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.18 11:32:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.18 11:32:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.18 11:32:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:home
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Susy\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Susy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 1Password = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.8.39899_0\
CHR - Extension: General Crawler = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
CHR - Extension: Google Mail = C:\users\Susy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.07.12 11:13:42 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com   
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Agile1pAgent] D:\Datenbanken\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KCodes UDS Control Center] C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe ()
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [pdfSaver3]  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk =  File not found
O4 - Startup: C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\users\Susy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password	Ctrl+Alt+P - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Datenbanken\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 213.33.98.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7426F6-070B-42DD-A47A-826DAAF5D4CC}: DhcpNameServer = 195.3.96.67 213.33.98.136
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\Susy\AppData\Roaming\Malwarebytes
[2012.09.23 12:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2012.09.23 12:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 12:10:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.23 12:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2012.08.28 19:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.08.26 07:46:47 | 000,000,000 | ---D | C] -- D:\_Desktop\Neuer Ordner
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Susy\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Susy\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Susy\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Susy\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 13:05:19 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 13:05:19 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 13:02:00 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.23 13:02:00 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.23 13:02:00 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.23 13:02:00 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.23 13:02:00 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.23 12:57:17 | 000,000,310 | ---- | M] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.23 12:57:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.09.23 12:57:05 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.23 12:56:07 | 000,000,020 | ---- | M] () -- C:\Users\Susy\defogger_reenable
[2012.09.23 12:35:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 12:10:05 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.23 12:09:14 | 000,881,281 | ---- | M] () -- C:\Users\Susy\AppData\Local\census.cache
[2012.09.23 12:09:05 | 000,144,546 | ---- | M] () -- C:\Users\Susy\AppData\Local\ars.cache
[2012.09.23 11:59:03 | 000,000,036 | ---- | M] () -- C:\Users\Susy\AppData\Local\housecall.guid.cache
[2012.09.18 13:28:00 | 000,001,953 | ---- | M] () -- C:\Users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
[2012.09.14 08:14:34 | 000,184,320 | RHS- | M] () -- C:\windows\SysWow64\pnrpnspx.dll
[2012.09.12 10:45:43 | 000,001,487 | ---- | M] () -- D:\_Desktop\remember this.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.08.29 08:17:00 | 007,897,371 | R--- | M] () -- D:\_Desktop\weinherbst_weinviertel_2012.pdf
 
========== Files Created - No Company Name ==========
 
[2012.09.23 12:56:06 | 000,000,020 | ---- | C] () -- C:\Users\Susy\defogger_reenable
[2012.09.23 12:10:05 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.23 12:09:14 | 000,881,281 | ---- | C] () -- C:\Users\Susy\AppData\Local\census.cache
[2012.09.23 12:09:05 | 000,144,546 | ---- | C] () -- C:\Users\Susy\AppData\Local\ars.cache
[2012.09.23 11:59:03 | 000,000,036 | ---- | C] () -- C:\Users\Susy\AppData\Local\housecall.guid.cache
[2012.09.14 08:14:34 | 000,184,320 | RHS- | C] () -- C:\windows\SysWow64\pnrpnspx.dll
[2012.09.14 08:14:34 | 000,000,310 | ---- | C] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.12 10:45:43 | 000,001,487 | ---- | C] () -- D:\_Desktop\remember this.lnk
[2012.08.29 08:16:48 | 007,897,371 | R--- | C] () -- D:\_Desktop\weinherbst_weinviertel_2012.pdf
[2012.04.06 17:47:59 | 000,000,000 | RHS- | C] () -- C:\Users\Susy\AppData\Roaming\CoreXPSP.dll
[2012.04.06 17:47:14 | 000,164,352 | ---- | C] () -- C:\windows\SysWow64\UNRAR.DLL
[2012.04.06 17:47:14 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\UNACEV2.DLL
[2012.03.02 06:16:33 | 012,067,328 | ---- | C] () -- C:\windows\SysWow64\drivers\snp2sxp.sys
[2012.03.02 06:16:33 | 000,025,472 | ---- | C] () -- C:\windows\SysWow64\drivers\sncamd.sys
[2012.03.02 06:16:33 | 000,015,497 | ---- | C] () -- C:\windows\snp2std.ini
[2012.03.02 06:16:30 | 000,151,552 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2std.dll
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011.11.27 13:55:48 | 000,002,428 | ---- | C] () -- C:\windows\CDPlayer.ini
[2011.10.05 22:00:37 | 000,025,600 | ---- | C] () -- C:\Users\Susy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.10 14:10:06 | 000,001,474 | ---- | C] () -- C:\Users\Susy\AppData\Local\RecConfig.xml
[2011.09.09 23:16:13 | 006,908,648 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.09.09 23:16:13 | 000,017,686 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.08.27 19:53:00 | 000,000,017 | ---- | C] () -- C:\Users\Susy\AppData\Local\resmon.resmoncfg
[2011.08.18 19:16:14 | 000,185,236 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011.08.12 21:04:09 | 000,000,078 | ---- | C] () -- C:\windows\BBW_INFO.INI
[2011.07.22 17:11:50 | 001,673,216 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011.07.22 17:11:50 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011.07.22 17:11:50 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011.07.22 17:11:50 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011.07.22 17:11:50 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2011.07.12 15:16:09 | 000,000,531 | ---- | C] () -- C:\windows\eReg.dat
[2011.07.09 22:46:54 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.07.06 23:05:54 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011.07.06 11:03:53 | 000,000,049 | ---- | C] () -- C:\windows\wininit.ini
[2011.05.20 00:22:45 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.05.20 00:22:45 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.05.20 00:22:45 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Susy\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Susy\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Susy\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Susy\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.07.22 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\ACD Systems
[2011.07.22 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Agile Web Solutions
[2011.07.28 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Ashampoo
[2012.04.17 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Audacity
[2011.07.11 10:28:01 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\BMDNTCS
[2011.07.28 18:45:14 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\DAEMON Tools Lite
[2012.04.06 17:47:16 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Dateicommander
[2011.09.09 23:18:09 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\dBpoweramp
[2011.07.22 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\DigitalPersona
[2012.09.23 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Dropbox
[2012.09.04 22:06:36 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\FILEminimizerPictures
[2011.07.22 11:35:37 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\GHISLER
[2012.09.23 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\MailWasherPro
[2012.03.04 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Media Finder
[2012.09.20 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\MediaMonkey
[2011.11.13 18:05:02 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Mp3tag
[2012.01.18 11:17:38 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\OpenOffice.org
[2011.12.31 10:36:15 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\PanoramaStudio
[2012.05.07 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\PhotoSync
[2011.07.22 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Software Informer
[2011.07.22 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\Thunderbird
[2012.03.09 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Susy\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 65 bytes -> D:\_Desktop\OE1_RUD120502_HP.mp3:com.dropbox.attributes

< End of report >
         
Und hier Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 23.09.2012 13:03:19 - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = D:\_Setups\_System\Malware entfernen
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,86 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 78,10% Memory free
15,72 Gb Paging File | 13,86 Gb Available in Paging File | 88,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,78 Gb Total Space | 174,41 Gb Free Space | 77,59% Space Free | Partition Type: NTFS
Drive D: | 223,68 Gb Total Space | 105,23 Gb Free Space | 47,04% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,72% Space Free | Partition Type: FAT32
 
Computer Name: NB-SUSY2 | User Name: Susy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DateiCommander] -- C:\Program Files (x86)\DateiCommander\DateiCommander.exe %1 (Ch.Lütgens & Co)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DateiCommander] -- C:\Program Files (x86)\DateiCommander\DateiCommander.exe %1 (Ch.Lütgens & Co)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0474160A-586B-46F7-815C-CBDE7EB6AE3C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06ECEF8D-741B-459F-8A6E-E2B5BEDEBAA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A6E2890-BC5C-4D58-95A1-5E23F55B9B3F}" = lport=7428 | protocol=17 | dir=in | name=multifunction network server udp port | 
"{0FEEB416-DF41-419E-8C31-7AD0D340FE93}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{114043B6-9E95-4C18-86AC-B4483C61A8F6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{14DB2F36-E5A7-45FC-A4CB-D7084E55BA02}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{20CC217B-AEC8-4FB9-BEB7-9DFF022704DC}" = lport=7428 | protocol=17 | dir=in | name=multifunction network server udp port | 
"{2C30FFD0-6816-4E79-AD96-79097FB58121}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3933DE96-D804-48E1-B1E6-84540BF23D21}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{64067417-0A4C-4951-B1DC-8F68B98C1508}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66491921-6EA4-44DE-B39D-545C3C39C8BF}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{777AD6CA-B809-4BE4-B670-0A5885853829}" = lport=445 | protocol=6 | dir=in | app=system | 
"{77C1CB60-E753-4244-AE8F-0B26591D7C42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78B33140-1125-4402-82FF-C374AD278B05}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{94CF8B43-72F8-44DC-A718-9593D10D7F55}" = lport=35722 | protocol=6 | dir=in | name=photosync | 
"{98343BDF-1279-4EA1-964E-168E0CECCE88}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A1385B60-FBB5-47A2-8972-1B51E855978C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A3A72941-A3A1-40A7-9B46-2A0B5E38936E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB220AB7-76A1-4739-BA05-32D23A2C3115}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ABA2A825-2B4E-4EE3-AE40-8BB8DC3253B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B4B5ECA8-5DBD-4B85-87A9-3F2638285E18}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C883F5C3-E3A9-4EC1-B306-DCD90FD6D806}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E913F1AD-5002-47F3-820E-0EAECEE8D53E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{EA66EC59-B89E-494F-AE25-56AE7BBF638F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F23295E5-2169-4509-8707-C07DD94224AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F6D70EA0-103A-40A0-8523-D83C2CBC9551}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F77B255F-B99F-4204-9099-93FFF722E4FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B939A8-EE7B-4F89-A628-3EB84D4B1076}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{06B74326-313A-4752-ABB0-2B025292EA3F}" = protocol=6 | dir=in | app=c:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0C86E581-73C1-4EE5-BD08-80F278E7F618}" = protocol=6 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe | 
"{255A841A-3253-4D41-8DAB-7E58B3605FC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{39E45375-16ED-4EC4-A934-EE722EEC2F0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CB9F1A7-6BAD-46DB-9633-74DF9BE081E1}" = protocol=17 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe | 
"{459EAB35-612A-410E-A7FB-294E3AE80CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{59279833-F131-45F7-89A0-D75DB737EFFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60247CB0-C3CC-4FFF-9A09-4D6CFAAC1056}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6266DB7B-CFAC-4F34-A5EA-E4740DD1DB16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{62D7FD2F-FEF6-4ECC-BEA6-1E1C397606A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{648DDF82-E6E6-48EC-AFED-FBF720948834}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6CE48981-0DF3-433A-A588-0CB5C1F3B879}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7270ED0C-8054-408D-A6E4-ACA66761C440}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73406E5F-1012-414E-9C7A-3465331EFB4B}" = protocol=6 | dir=out | app=system | 
"{74D10CB8-C41C-4E3E-B6F1-EA22A2BA6C31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{795F9CA1-6708-4860-83C3-67BDF6ECF986}" = protocol=17 | dir=in | app=c:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{85292A0B-7812-4DAB-9481-9327A81FFECC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{93A2113A-36E8-4EE2-98F7-01A007511E10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{93C5F7EE-4CAC-401F-AA7E-7D485CD0A42F}" = protocol=17 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe | 
"{9DB4C487-3ED9-48E9-AA77-59DBAC0E8A9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9F9AA9E-7C22-4C0A-ADED-62071BC7E7EF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{AB590491-AC51-442F-8227-2F6979CD4BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\assmann\usb device server\control center.exe | 
"{B09CBF6F-8EB0-47AD-B7E7-693A1CAEFF80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41428EF-267F-46D4-912E-17DB48AAF601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC720DE1-9B34-4FB4-A00A-30A5D184A3F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{BD71CC7D-694B-42B4-9FBE-C583C349E7B7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{BE02B116-0117-4D4C-BEF6-C38AC08F097F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CB768A62-F1DC-4BF2-8FB2-462E9D800125}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D6D9FA70-1BC3-420D-ABEF-AAA77AFA1B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAC62375-E5B5-4664-9658-BF1CCA68EBEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E874A561-B0D7-40D4-856C-1FD363FD5277}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E8AB4ED8-D42F-400E-8967-3E569A6B4106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFF7D509-CCC0-4001-83F1-7FCBFAFB9AEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F6D6D2B5-42C2-4704-9EBF-1CC1F8DB85E2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FD0959EE-E84E-4F67-B562-FAACF4F7D879}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{74461708-03BA-456A-834D-1BEAF79E1AF6}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"TCP Query User{8240F559-7E57-4FA5-891D-D611B1014C07}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{F4BA60F4-A7BD-4439-BD8B-5424981CE673}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0ED0A004-D24B-40E0-A4CE-DF73F8818252}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{C8AA8AFE-2FED-4F5F-9847-898E25977066}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{DC2FCFB5-6F5C-4544-AB78-21F4A774690E}D:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\users\susy\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AF7A15-6785-4878-8924-AB894172DA94}" = PhotoSync
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Drive Backup™ 9.5 Professional Edition
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BD7AB0B9-4491-4642-B6BB-2560648A0A22}" = HP Power Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DBB6FD33-2B16-45EB-93E1-C14344F9205C}" = Yamaha USB Audio Driver
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE3DEA5D-60D7-4C92-A71F-1E1F2F4615FC}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"CCleaner" = CCleaner
"doPDF 6  printer_is1" = doPDF 6.3  printer
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17DEA3ED-86EA-4D28-849C-20CB030F4963}" = Multifunction Network Server 
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23355AD7-F773-4419-971D-1577A793D4B5}" = MindManager X5 Pro
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5B059455-4572-4F70-8D91-2097B07215E5}" = HP ESU for Microsoft Windows 7
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = D-PEN
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAB4AAD2-93A4-11D4-A165-00508B67A692}" = Client
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"1Password_is1" = 1Password 1.0.9.296
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AutoHotkey" = AutoHotkey 1.1.00.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BB_is1" = Band-in-a-Box 2006
"BMD SYSTEMHAUS - BMD55" = BMD SYSTEMHAUS - BMD55
"cam2pc" = cam2pc (remove only)
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DateiCommander 13.1_is1" = DateiCommander13
"Daub Ages" = Daub Ages! 1.53
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Drive Encryption" = Drive Encryption for HP ProtectTools
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.1.1 Professional
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PanoramaStudio" = PanoramaStudio 1.3 (deinstallieren)
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PixGEN_is1" = PixGEN v.2.8.1
"PSPad editor_is1" = PSPad editor
"Rainlendar2" = Rainlendar2 (remove only)
"ShapeCollage" = Shape Collage
"Software Informer_is1" = Software Informer 1.0 BETA
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 05:11:33 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.08.2012 09:23:29 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.08.2012 19:01:42 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 18.08.2012 05:33:13 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 18.08.2012 05:43:48 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 18.08.2012 05:45:54 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 18.08.2012 15:50:23 | Computer Name = NB-Susy2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.08.2012 04:47:13 | Computer Name = NB-Susy2 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 7d8    Startzeit: 01cd7abc0a6ce214    Endzeit: 60000    Anwendungspfad:
 C:\windows\Explorer.EXE    Berichts-ID: 95cb3219-eb6c-11e1-94c6-cc52af862797  
 
Error - 21.08.2012 12:16:55 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 21.08.2012 12:22:40 | Computer Name = NB-Susy2 | Source = ThreadLib | ID = 0
Description = 
 
Error - 23.08.2012 11:41:17 | Computer Name = NB-Susy2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: tapisrv.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be077  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feef5787f3
ID
 des fehlerhaften Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01cd7f7c3552ff0a
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: tapisrv.dll  Berichtskennung: f9db84d5-ed38-11e1-a278-cc52af862797
 
[ Hewlett-Packard Events ]
Error - 05.11.2011 11:39:17 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111105043905.xml
 File not created by asset agent
 
Error - 12.11.2011 18:06:39 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111112110636.xml
 File not created by asset agent
 
Error - 10.12.2011 07:39:25 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121110123922.xml
 File not created by asset agent
 
Error - 04.02.2012 11:38:51 | Computer Name = NB-Susy2 | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021204043844.xml
 File not created by asset agent
 
Error - 19.03.2012 02:41:45 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 19.03.2012 02:41:47 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.04.2012 15:27:29 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.04.2012 15:27:46 | Computer Name = NB-Susy2 | Source = hpsa_service.exe | ID = 2000
Description = 
 
Error - 15.07.2012 01:33:37 | Computer Name = NB-Susy2 | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 03.09.2012 01:40:23 | Computer Name = NB-Susy2 | Source = hpsa_service.exe | ID = 2000
Description = 
 
[ HP Power Assistant Events ]
Error - 22.09.2012 17:06:38 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 22.09.2012 17:13:21 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 22.09.2012 17:13:28 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 23.09.2012 02:55:40 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 23.09.2012 04:14:50 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 23.09.2012 04:14:53 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 23.09.2012 04:45:27 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 23.09.2012 04:51:37 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 23.09.2012 04:51:41 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 23.09.2012 05:43:06 | Computer Name = NB-Susy2 | Source = HP PA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
[ HP Software Framework Events ]
Error - 10.09.2012 09:58:44 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 15:58:44.097|00000228|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.09.2012 09:59:57 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 15:59:57.415|000008F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.09.2012 09:59:58 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 15:59:58.335|000029F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.09.2012 10:00:00 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 16:00:00.655|00002374|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.09.2012 10:00:01 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 16:00:01.541|00002A98|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.09.2012 10:00:05 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.10 16:00:05.942|000021DC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.09.2012 16:01:12 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.15 22:01:12.914|00001FDC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 15.09.2012 16:01:14 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.15 22:01:14.267|00002E54|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 22.09.2012 15:43:28 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.22 21:43:28.175|000013FC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 22.09.2012 15:43:29 | Computer Name = NB-Susy2 | Source = CaslWmi | ID = 5
Description = 2012.09.22 21:43:29.346|00000AEC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 25.02.2012 08:32:56 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 25.02.2012 09:21:40 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 25.02.2012 12:17:50 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 25.02.2012 14:54:16 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 25.02.2012 16:26:43 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 25.02.2012 18:16:00 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 26.02.2012 05:25:02 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 26.02.2012 05:26:53 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = WifiWatcher: WlanQueryInterface failed, res=1168 guid={2D7426F6-070B-42DD-A47A-826DAAF5D4CC}
 
Error - 26.02.2012 07:16:20 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
Error - 26.02.2012 10:06:11 | Computer Name = NB-Susy2 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()
 
[ System Events ]
Error - 22.09.2012 15:31:04 | Computer Name = NB-Susy2 | Source = bowser | ID = 8003
Description = 
 
Error - 23.09.2012 06:56:26 | Computer Name = NB-Susy2 | Source = DCOM | ID = 10010
Description = 
 
Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1058
 
Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1058
 
Error - 23.09.2012 06:57:29 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1058
 
Error - 23.09.2012 06:58:20 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 23.09.2012 06:58:20 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 23.09.2012 06:58:50 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 23.09.2012 06:58:50 | Computer Name = NB-Susy2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 23.09.2012 06:58:52 | Computer Name = NB-Susy2 | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         

Alt 23.09.2012, 14:11   #2
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.09.23 12:57:17 | 000,000,310 | ---- | M] () -- C:\windows\tasks\wwzvrpoxkw.job
[2012.09.14 08:14:34 | 000,184,320 | RHS- | M] () -- C:\windows\SysWow64\pnrpnspx.dll
 :Files
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus


danach:
downloade get info:
File-Upload.net - Datei nicht gefunden
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.
__________________

__________________

Alt 23.09.2012, 16:28   #3
Susy
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



Hallo Markus,

vielen Dank für die superflotte Analyse und Antwort!

1. OTL - Commands: habe ich erledigt, Neustart fand statt, alles sah gut aus. Nur:

Zitat:
Zitat von markusg Beitrag anzeigen

• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
Ich habe kein Textdokument gefunden. Wo kann ich das suchen, und wie sollte es heißen? Im OTL-Ordner finde ich nur meine beiden logfiles von heute mittag.

1a. OTL - Zipfile: Gezippten moved-files-Ordner in den Uploadchannel laden - ist erledigt. Upload erfolgreich beendet.

2. GETINFO:

Zitat:
Zitat von markusg Beitrag anzeigen
danach:
downloade get info:
File-Upload.net - Datei nicht gefunden
Gibt es dafür vielleicht noch einen anderen vertrauenswürdigen Downloadlink?
Auf file-upload.net bekomme ich die Fehlermeldung "Datei existiert nicht! Diese Datei wurde vom User oder durch eine Abuse-Meldung gelöscht."
(...und sehe auf derselben Seite große, verführerische Downloadbuttons, die mir ein ganz anderes Programm reindrücken wollen (iLividSetupV1.exe), was Ottilie Normaluser eventuell auf Abwege gebracht hätte... Von der Website nicht sehr sauber gehandhabt, wie ich finde.)

Ich kann daher momentan mit keinem der beiden Textfiles aufwarten. Entschuldigung!
LG Susy
__________________

Alt 25.09.2012, 18:48   #4
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



ich lad die datei noch mal später hoch.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.09.2012, 20:02   #5
Susy
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



Hi!

Danke, das hab ich gemacht. Den Avira-Guard hatte ich deaktiviert. ComboFix gab trotzdem eine Meldung dazu aus, ließ sich aber ohnehin nicht mehr stoppen - auch ein Klick auf das Schließen-x der Meldung (statt auf OK) führt zur Fortsetzung des Programms. Ich hoffe also, es ist alles glattgegangen.

Hier das log:

Code:
ATTFilter
ComboFix 12-09-24.03 - Susy 25.09.2012  19:40:33.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.43.1031.18.8047.6099 [GMT 2:00]
ausgeführt von:: d:\_desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-25 bis 2012-09-25  ))))))))))))))))))))))))))))))
.
.
2012-09-25 17:44 . 2012-09-25 17:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-23 10:10 . 2012-09-23 10:10	--------	d-----w-	c:\users\Susy\AppData\Roaming\Malwarebytes
2012-09-23 10:10 . 2012-09-23 10:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-23 10:10 . 2012-09-23 10:10	--------	d-----w-	c:\program files (x86)\Malwarebytes
2012-09-23 10:10 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-10 05:47 . 2012-09-10 05:47	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 17:35 . 2012-08-28 17:35	--------	d-----w-	c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:35 . 2012-04-09 07:51	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 16:35 . 2011-07-06 22:46	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:10 . 2012-07-12 05:10	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-12 05:10 . 2011-07-06 22:48	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Agile1pAgent"="d:\datenbanken\1Password\Agile1pAgent.exe" [2012-06-20 2206984]
"ACPW05DE"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KCodes UDS Control Center"="c:\program files (x86)\Assmann\USB Device Server\Control Center.exe" [2011-05-30 4910592]
.
c:\users\Susy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ac'tivAid.lnk - c:\program files\activAid\Portable_ac'tivAid.exe [2010-2-17 210671]
Dropbox.lnk - c:\users\Susy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-08-26 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-09-16 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-06 1038088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1255736]
R3 yusbaud64;Yamaha USB Audio Driver;c:\windows\system32\drivers\yusbaud64.sys [2010-04-21 91280]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-20 89600]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-04-21 37392]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Agile1Password;1Password;d:\datenbanken\1Password\Agile1pService.exe [2012-06-20 768776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-11-19 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 AssmannUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\AssmannUDSMBus.sys [x]
S3 AssmannUDSTcpBus;AssmannUDSTcpBus;SysWOW64\Drivers\AssmannUDSTcpBus.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-06 293552]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 16:35]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531735382-97513462-279433948-1000Core.job
- c:\users\Susy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 16:20]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2531735382-97513462-279433948-1000UA.job
- c:\users\Susy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Susy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1694016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-20 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.3.96.67 213.33.98.136
FF - ProfilePath - c:\users\Susy\AppData\Roaming\Mozilla\Firefox\Profiles\x3829mqr.Susy\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: general.useragent.extra.brc - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BMD SYSTEMHAUS - BMD55 - c:\windows\IsUn0407.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.amr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.bmp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.caf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cel"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.dib"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djv"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djvu"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.emf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.flc"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fli"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.gif"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.gsm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.jfif"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.jpe"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.jpeg"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.jpg"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kar"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m15"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m1a"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m75"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mos"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pct"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.pcx"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.pic"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pics"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pict"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.png"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.psp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.qcp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.qtpf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.raw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.rle"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sfil"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smi"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smil"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sml"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.swa"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.tga"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.tif"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.tiff"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ulw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.vfw"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.wmf"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2531735382-97513462-279433948-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-2531735382-97513462-279433948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-25  19:46:14
ComboFix-quarantined-files.txt  2012-09-25 17:46
.
Vor Suchlauf: 13 Verzeichnis(se), 186.863.939.584 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 186.705.186.816 Bytes frei
.
- - End Of File - - AD86BDC242EE2107EF993754B68C9748
         


Alt 27.09.2012, 17:48   #6
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



passt

lade den CCleaner standard:
CCleaner Download - CCleaner 3.23.1823
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> Falsche Links in Google-Suche

Alt 27.09.2012, 20:24   #7
Susy
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



Bittesehr - hoffe, das ist nicht zu unübersichtlich. Ich formatiers auch gern um!

Code:
ATTFilter
1Password 1.0.9.296	AgileBits	29.06.2012	26,1MB	NOTWENDIG
ACDSee Pro 5	ACD Systems International Inc.	12.07.2012	144MB	5.3.168  NOTWENDIG
Acrobat.com	Adobe Systems Incorporated	06.07.2011		1.2.443  NOTWENDIG
Adobe AIR	Adobe Systems Inc.	06.07.2011		1.1.0.5790  GROSSTEIL DER ADOBE SUITE INSTALLIERT - NOTWENDIG
Adobe Anchor Service x64 CS4		10.09.2010		
Adobe CMaps x64 CS4		10.09.2010			
Adobe Creative Suite 4 Master Collection	Adobe Systems Incorporated	06.07.2011	108MB	4.0 
Adobe CSI CS4 x64		10.09.2010			
Adobe Drive CS4 x64		10.09.2010		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	21.09.2012	6,00MB	11.4.402.278
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	28.08.2012	6,00MB	11.4.402.265
Adobe Fonts All x64		10.09.2010		
Adobe InDesign CS4 Icon Handler x64		10.09.2010		
Adobe Linguistics CS4 x64		10.09.2010		
Adobe PDF Library Files x64 CS4		10.09.2010		
Adobe Photoshop CS4 (64 Bit)		10.09.2010		
Adobe Photoshop Lightroom 3.2 64-bit	Adobe	11.02.2012	358MB	3.2.1
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	23.02.2012	121MB	10.1.2
Adobe Type Support x64 CS4		10.09.2010		
Adobe WinSoft Linguistics Plugin x64		10.09.2010			GROSSTEIL DER ADOBE SUITE INSTALLIERT - NOTWENDIG
Apple Application Support	Apple Inc.	14.02.2012	61,1MB	2.1.6	NOTWENDIG
Apple Mobile Device Support	Apple Inc.	14.02.2012	24,4MB	4.0.0.97  NOTWENDIG
Apple Software Update	Apple Inc.	08.07.2011	2,38MB	2.1.3.127 NOTWENDIG
ArcSoft WebCam Companion 3	ArcSoft	02.03.2012	79,5MB	3.0.355    NOTWENDIG
Ashampoo Burning Studio 6 FREE v.6.80	ashampoo GmbH & Co. KG	28.07.2011	39,3MB	6.8.0 NOTWENDIG
Audacity 1.3.13 (Unicode)	Audacity Team	09.07.2011	40,1MB		NOTWENDIG
AutoHotkey 1.1.00.00	AutoHotkey Community	07.07.2011		1.1.00.00  NOTWENDIG (für Ac'tivAid)
Avira AntiVir Personal - Free Antivirus	Avira GmbH	20.03.2012	74,3MB	10.2.0.707 NOTWENDIG
Band-in-a-Box 2006	PG Music Inc.	12.08.2011			NOTWENDIG	
BMD SYSTEMHAUS - BMD55		26.05.2012			NOTWENDIG
Bonjour	Apple Inc.	23.10.2011	2,00MB	3.0.0.10			NOTWENDIG
cam2pc (remove only)		07.07.2011				NOTWENDIG
Canon iP3600 series Benutzerregistrierung		09.06.2012		NOTWENDIG 
Canon iP3600 series Printer Driver		09.06.2012			NOTWENDIG
Canon Utilities Easy-PhotoPrint EX		09.06.2012			NOTWENDIG
CCleaner	Piriform	22.08.2012		3.22				NOTWENDIG
Client	BMD Systemhaus GesmbH	11.07.2011		5.50.000		NOTWENDIG
Columbus Tree Mod 1.0 deutsch	CycleDogg	31.07.2011 1.0 deutsch	UNNÖTIG (gehört zu SimCity)
D-PEN	Sonix	02.03.2012		5.7.26000.0			UNNÖTIG
DAEMON Tools Lite	DT Soft Ltd	12.07.2011		4.40.2.0131	NOTWENDIG
DateiCommander13	Christian Lütgens	06.04.2012	94,0MB		UNNÖTIG
Daub Ages! 1.53		17.08.2011					UNNÖTIG
dBpoweramp Music Converter	Illustrate	09.09.2011	163MB	Release 14.2 NOTWENDIG
doPDF 6.3  printer	Softland	16.01.2012					NOTWENDIG
Drive Encryption for HP ProtectTools	Hewlett-Packard	20.03.2012 67,9MB	 5.0.6.0 	NOTWENDIG (Notebook-Software)
Dropbox	Dropbox, Inc.	15.06.2012		1.4.7			NOTWENDIG
EASEUS Partition Master 4.1.1 Professional	EASEUS	22.07.2011		UNNÖTIG
Energy Star Digital Logo	Hewlett-Packard	19.05.2011	300KB	1.0.1	UNNÖTIG? Notebook-Software?
Evernote v. 4.5	Evernote Corp.	20.08.2011	149MB	4.5.0.5229	UNNÖTIG
FILEminimizer Pictures	balesio AG	08.07.2011			NOTWENDIG
Google Chrome	Google Inc.	09.03.2012		17.0.963.78	NOTWENDIG
HP 3D DriveGuard	Hewlett-Packard Company	04.02.2012	6,99MB	4.1.10.1	NOTWENDIG (alles HP=Notebook-Software)
HP Business Card Reader	Hewlett-Packard	19.05.2011	62,2MB	0.6.3.0
HP Documentation	Hewlett-Packard	10.09.2010	0,97GB	1.1.0.0
HP ESU for Microsoft Windows 7	Hewlett-Packard Company	08.07.2011	16,7MB	1.1.13.2
HP Integrated Module with Bluetooth wireless technology	Broadcom Corporation	19.05.2011	144MB	6.2.1.500
HP Power Assistant	Hewlett-Packard	10.09.2010	7,71MB	1.0.2.4
HP Power Data	Hewlett-Packard	10.09.2010	1,22MB	1.0.11.114
HP Product Detection	HP	07.04.2012	1,86MB	11.14.0001
HP ProtectTools Security Manager	Hewlett-Packard	11.09.2010	88,6MB	5.03.635
HP Quick Launch Buttons	Hewlett-Packard Company	04.02.2012		6.50.17.1
HP QuickLook	Hewlett-Packard Company	06.07.2011	92,6MB	3.3.1.4
HP QuickWeb	DeviceVM, Inc.	19.05.2011	353MB	1.0.1.48
HP Setup	Hewlett-Packard	10.09.2010		1.2.3557.3169
HP SoftPaq Download Manager	Hewlett-Packard Company	10.09.2010	14,7MB	3.0.5.0
HP Software Framework	Hewlett-Packard Company	04.02.2012	4,74MB	4.1.13.1
HP Software Setup	Hewlett-Packard Company	10.09.2010	11,6MB	7.0.1.5
HP Support Assistant	Hewlett-Packard Company	04.02.2012	75,7MB	6.1.12.1
HP Wallpaper	Hewlett-Packard Company	10.09.2010	72,4MB	1.0.1.3
HP Webcam	Roxio	08.07.2011	9,76MB	1.0.26.3
HP Webcam Driver	Sonix	04.02.2012		5.8.50009.6
HP Wireless Assistant	Hewlett-Packard	20.03.2012	5,60MB	4.0.10.0	NOTWENDIG (alles HP=Notebook-Software)
IDT Audio	IDT	20.03.2012		1.0.6300.0		NOTWENDIG
Intel(R) Management Engine Components	Intel Corporation	10.09.2010		6.0.0.1179 	NOTWENDIG
Intel(R) Network Connections Drivers	Intel	20.05.2011		14.8 				NOTWENDIG
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed	Intel Corporation	07.04.2012	5,87MB	14.2.0.0216 NOTWENDIG
Intel(R) Turbo Boost Technology Driver	Intel Corporation	10.09.2010		01.00.01.1002 NOTWENDIG
Intel® Matrix Storage Manager	Intel Corporation	20.05.2011		NOTWENDIG
iTunes	Apple Inc.	14.02.2012	170MB	10.5.3.3			NOTWENDIG
IZArc 4.1	Ivan Zahariev	18.07.2011	12,4MB	4.1			NOTWENDIG
Java(TM) 6 Update 33	Oracle	12.07.2012	95,6MB	6.0.330		NOTWENDIG
LAME v3.98.3 for Audacity		09.08.2011	1,16MB			NOTWENDIG
LSI HDA Modem	LSI Corporation	20.05.2011	16,0KB	2.2.97		NOTWENDIG (Audio-Treiber)
MailWasher Pro	FireTrust Limited	08.07.2011				NOTWENDIG
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	23.09.2012	19,3MB	1.65.0.1400 hoffentlich nie mehr NOTWENDIG
MediaMonkey 4.0	Ventis Media Inc.	03.07.2012	51,2MB	4.0		NOTWENDIG
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.02.2012	38,8MB	4.0.30319 NOTWENDIG (für Ac'tivAid)
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.02.2012	2,93MB	4.0.30319 NOTWENDIG (für Ac'tivAid)
Microsoft Office Standard Edition 2003	Microsoft Corporation	09.07.2011	194MB	11.0.5614.0 NOTWENDIG
Microsoft Silverlight	Microsoft Corporation	09.04.2012	50,5MB	5.0.61118.0	NOTWENDIG
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	28.07.2011	562KB	8.0.50727.42 			UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	10.09.2010	708KB	8.0.56336			UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	10.09.2010	788KB	9.0.30729	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	18.01.2012	788KB	9.0.30729.4148	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.09.2010	596KB	9.0.30729	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	18.01.2012	596KB	9.0.30729.4148	UNBEKANNT
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	06.04.2012	11,1MB	10.0.40219	UNBEKANNT
MindManager X5 Pro	Mindjet LLC	22.01.2012	47,2MB	5.2.344	UNNÖTIG
MobileMe Control Panel	Apple Inc.	24.08.2011	11,9MB	3.1.6.0	NOTWENDIG
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	10.09.2012	38,4MB	15.0.1	NOTWENDIG
Mozilla Maintenance Service	Mozilla	10.09.2012	327KB	15.0.1		NOTWENDIG?
Mozilla Thunderbird (3.1.20)	Mozilla	09.04.2012		3.1.20 (de)	NOTWENDIG
Mp3tag v2.49	Florian Heidenreich	08.07.2011		v2.49		NOTWENDIG
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	16.02.2012	1,27MB	4.20.9870.0	UNBEKANNT
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	16.02.2012	1,33MB	4.20.9876.0	UNBEKANNT
Multifunction Network Server 	Ihr Firmenname	03.08.2012	6,43MB	1.92			NOTWENDIG (NAS)
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	10.09.2010	993KB	1.0.18.0  NOTWENDIG
No23 Recorder	No23	09.09.2011	2,44MB	2.1.0.3						NOTWENDIG
Noise Ninja 2 (Standalone Version)	PictureCode LLC	05.11.2011					NOTWENDIG
NVIDIA 3D Vision Treiber 295.73	NVIDIA Corporation	23.02.2012		295.73		NOTWENDIG
NVIDIA Display Control Panel	NVIDIA Corporation	16.02.2012		6.14.12.6128	NOTWENDIG
NVIDIA Grafiktreiber 295.73	NVIDIA Corporation	23.02.2012		295.73			NOTWENDIG
NVIDIA HD-Audiotreiber 1.3.12.0	NVIDIA Corporation	23.02.2012		1.3.12.0		NOTWENDIG
NVIDIA nView 136.18	NVIDIA Corporation	23.02.2012		136.18			NOTWENDIG
NVIDIA PhysX-Systemsoftware 9.12.0209	NVIDIA Corporation	23.02.2012		9.12.0209 NOTWENDIG
OKI Network Extension	Okidata	15.05.2012		1.00.000					NOTWENDIG (Drucker)
OpenOffice.org 3.3	OpenOffice.org	18.01.2012	301MB	3.3.9567					NOTWENDIG
PanoramaStudio 1.3 (deinstallieren)		31.12.2011						NOTWENDIG
Paragon Drive Backup™ 9.5 Professional Edition	Paragon Software	21.07.2011	140MB	90.00.0003  UNNÖTIG
PDF-XChange 3.0	Tracker Software	22.01.2012							UNNÖTIG
PG Music DirectX Plugins 1.3.4.1	PG Music Inc.	12.08.2011					NOTWENDIG (BandInABox)
Photoshop Camera Raw_x64		10.09.2010							NOTWENDIG
PhotoSync	touchbyte GmbH	07.05.2012	3,56MB	1.5.3					NOTWENDIG
PixGEN v.2.8.1	Pixopolis KG	12.11.2011	182MB						NOTWENDIG
PSPad editor	Jan Fiala	20.07.2011								NOTWENDIG
QuickTime	Apple Inc.	14.02.2012	73,2MB	7.71.80.42				NOTWENDIG
Rainlendar2 (remove only)		20.07.2011							NOTWENDIG
Revo Uninstaller Pro 2.5.3	VS Revo Group, Ltd.	06.07.2011	34,9MB	2.5.3			NOTWENDIG
RICOH Media Driver	RICOH	10.09.2010		2.13.00.05				NOTWENDIG (Drucker)
Shape Collage	Shape Collage Inc.	14.04.2012							NOTWENDIG
SimCity 4 Deluxe		28.07.2011								UNNÖTIG
Skype™ 5.5	Skype Technologies S.A.	16.10.2011	17,0MB	5.5.124				NOTWENDIG
Snagit 9.1.3	TechSmith Corporation	12.07.2011	59,8MB	9.1.3.16				NOTWENDIG
Software Informer 1.0 BETA	Informer Technologies, Inc.	08.07.2011					UNNÖTIG
Synaptics Pointing Device Driver	Synaptics Incorporated	11.09.2010		15.0.10.0		NOTWENDIG
Theft Recovery	Hewlett-Packard	20.03.2012	0,99MB	5.1.0.21					NOTWENDIG
Total Commander (Remove or Repair)	Ghisler Software GmbH	22.07.2011		7.56a		NOTWENDIG
Validity Fingerprint Driver	Validity Sensors, Inc.	20.03.2012	14,8MB	4.0.15.0			NOTWENDIG
Windows 7 Default Setting	Hewlett-Packard Company	10.09.2010	32,0KB	1.0.1.5			vermute NOTWENDIG
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)	Broadcom	20.05.2011		06/15/2009 6.2.0.9000  NOTWENDIG
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)	Broadcom	20.05.2011		07/30/2009 6.2.0.9405  NOTWENDIG
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	20.05.2011		07/28/2009 6.2.0.9800  UNBEKANNT (Bluetooth?)
Windows Live ID Sign-in Assistant	Microsoft Corporation	10.09.2010	10,0MB	6.500.3165.0	UNNÖTIG
Yamaha USB Audio Driver	Yamaha Corporation	19.12.2011	632KB	1.1.2			NOTWENDIG
µTorrent		20.09.2011		3.0.0							UNNÖTIG
         

Alt 01.10.2012, 20:02   #8
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
D-PEN
DateiCommander13
Daub
EASEUS
Evernote
Java
Download der kostenlosen Java-Software
downloade java jre instalieren

deinstaliere:
MindManager
Mozilla Thunderbird : öffnen, hilfe, update, version 15 instalieren.
Paragon
PDF
SimCity
Software Informer
Windows Live
µTorrent

öffne otl, bereinigen, pc startet neu
öffne ccleaner, analysieren starten, pc neustarten
wenn er läuft wie gewünscht (keine umleitungen zb) dann absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.10.2012, 15:46   #9
Susy
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



Danke, dass du dir so ausgiebig Zeit nimmst! Ich hab da noch ein paar Fragen:

1. Was genau hatte ich mir denn da ursprünglich überhaupt eingefangen, und wo/wie fängt man sich sowas ein?

2. Muss ich meine Passwörter als bekannt betrachten?

3. Was passiert mit dem OTL-"MovedFiles"-Ordner?

4. Das hier versteh ich nicht ganz:

Zitat:
Zitat von markusg Beitrag anzeigen
passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
Welche Dienste meinst du da? Ist das noch im Zusammenhang mit Sandboxie zu verstehen, oder meinst du da was anderes?
Ich benutze 1Password zur pw-Verwaltung. Ist daran was auszusetzen?

Danke+liebe Grüße!

Alt 04.10.2012, 21:42   #10
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



hi
1. moved files wird gelöscht, sobald du in otl auf bereinigen geklickt hast.
2. du hattest einen trojaner der werbeanzeigen schaltet, damit wollen die besitzer geld verdienen
4. ich meine, dass jede seite ein extra passwort benötigt.
ich weis nicht, ob das von dir verwendete tool einen passwort generator hatt, der machts dir nämlich leichter, sichere passwörter zu erstellen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.10.2012, 14:20   #11
Susy
 
Falsche Links in Google-Suche - Icon16

Falsche Links in Google-Suche



Hey Markus,

leider hab ich seit der Bereinigung mit OTL massive Schwierigkeiten. Beim Neustart sah ich für 10ms einen Bluescreen (er hatte wohl irgendwas mit "Fehler bei angeschlossenem Gerät" zu tun, ich hab ihn zweimal gesehen; aber das einzige, was zu diesem Zeitpunkt angeschlossen war, war eine Maus).

Danach nix als Chaos. Systemwiederherstellung war nötig, da ohne kein W7-Start mehr möglich war; mein Benutzerprofil war danach aber tot, ich konnte nicht mehr einsteigen, wurde ständig nur über ein temporäres Profil angemeldet...
Viele Stunden später hatte ich mein Profil endlich wieder soweit, hab alles neu eingerichtet (Daten für Mailaccounts, etc, benutzerdefinierte Symbolleisten, Arbeitsbereiche in Programmen, war alles nicht mehr da). Habe dann nochmal alles nicht Benötigte deinstalliert, dann Windows-Updates gemacht.
Bei einem der nächsten Neustarts nach den Updates war aber wieder kein Einstieg mehr möglich, "Die Anmeldung des Gruppenrichtlinienclient ist fehlgeschlagen".

Meine Vermutung ist, dass letzteres Problem etwas mit den Windows-Updates in Verbindung mit meiner gelegten Junction von C:\users nach D:\users zu tun hat - obwohl ich bei den Updates keinerlei Fehlermeldung hatte. Vielleicht ist das aber auch Unsinn.

Seither viele Stunden gebrütet und probiert, momentan gehts so halbwegs, aber nicht sonderlich zuverlässig oder gar schnell. Drucker lassen sich über NAS zB derzeit nicht ansteuern.

Danke für deine Hilfe bis hierher, aber ich werd vermutlich meinen Rechner demnächst neu aufsetzen.

Liebe Grüße, Susy

Alt 17.10.2012, 17:12   #12
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



sorry für die wartezeit, gesundheitliche probleme.
ok dann setzen wir neu auf:
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.11.2012, 10:53   #13
Susy
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



Danke, Markus, im Moment läuft alles. Hab mir Emsisoft geleistet und installiert, neu aufsetzen werde ich vielleicht demnächst mal, wenn Urlaub und Zeit ist.

Danke für deine Hilfe bisher!
LG Susy

Alt 14.11.2012, 13:44   #14
markusg
/// Malware-holic
 
Falsche Links in Google-Suche - Standard

Falsche Links in Google-Suche



hi
emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das währe es, hoffe es war verständlich.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Falsche Links in Google-Suche
adobe after effects, antivir, bho, bonjour, brief, desktop, error, excel, failed, fehler, firefox, flash player, helper, homepage, hängen, launch, mozilla, mp3, pixel, problem, programm, registry, richtlinie, security, server, software, svchost.exe, system, tab öffnen, third party, usb, usb 3.0, win7pro



Ähnliche Themen: Falsche Links in Google-Suche


  1. Links aus Google Suche rufen falsche Seite auf!
    Plagegeister aller Art und deren Bekämpfung - 24.09.2013 (11)
  2. Weiterleitung auf falsche links bei google
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (3)
  3. Falsche Google Links
    Plagegeister aller Art und deren Bekämpfung - 20.10.2011 (5)
  4. Falsche Weiterleitung bei Google-Links
    Log-Analyse und Auswertung - 10.06.2011 (7)
  5. Firefox langsam, öffnet automatisch links, falsche Weiterleitung bei google suche
    Log-Analyse und Auswertung - 24.11.2010 (17)
  6. Firefox öffnet bei suche in Google mehrmals falsche links vor dem richtigen
    Plagegeister aller Art und deren Bekämpfung - 21.05.2010 (27)
  7. Google erzwingt falsche Links
    Log-Analyse und Auswertung - 22.03.2009 (27)
  8. Falsche google-Links
    Plagegeister aller Art und deren Bekämpfung - 15.02.2009 (19)
  9. Falsche Weiterleitung bei Google-Links
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (15)
  10. Falsche Google-Links
    Log-Analyse und Auswertung - 13.01.2009 (4)
  11. Falsche Google Links
    Plagegeister aller Art und deren Bekämpfung - 04.01.2009 (12)
  12. Falsche google Links und CPU Auslastung 100%
    Plagegeister aller Art und deren Bekämpfung - 30.11.2008 (5)
  13. Falsche Links bei google
    Log-Analyse und Auswertung - 01.11.2008 (37)
  14. Falsche Links in Google
    Plagegeister aller Art und deren Bekämpfung - 24.09.2008 (1)
  15. Falsche Links nach Google Suche. Brauche Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 08.08.2008 (7)
  16. Falsche Links mit Google
    Log-Analyse und Auswertung - 21.05.2007 (8)
  17. Falsche Links bei Google !!!!
    Plagegeister aller Art und deren Bekämpfung - 24.04.2007 (2)

Zum Thema Falsche Links in Google-Suche - Hallo liebe Experten! Ich hab auf meinem HP-Notebook (Win7pro 64 bit) seit ein paar Tagen das Problem, das hier im Forum schon öfter beschrieben wurde: Bei der Google-Suche in Firefox - Falsche Links in Google-Suche...
Archiv
Du betrachtest: Falsche Links in Google-Suche auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.