"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
Hallo,
Ich habe mir einen Trojaner eingefangen, der den kompletten Bildschirm verdeckt (mit der o.g. Überschrift) und per Ukash auffordert 100€ zu zahlen.
Nach einigem suchen hier im Forum habe ich jetzt den Rechner im abgesicherten Modus gestartet, Malwarebytes Anti-Malware installiert und gestartet. Meldung nach Durchsuchung:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.24.03
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
pulsfort :: W7-PULSFORT-NB [Administrator]
Schutz: Deaktiviert
24.07.2012 10:35:44
mbam-log-2012-07-24 (10-35-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412095
Laufzeit: 51 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wdscore (Trojan.Agent.3D) -> Daten: C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936\wdscore.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\pulsfort.MUNICH0\AppData\Local\Microsoft\Windows\3936\wdscore.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Anschließend habe ich OTL gestartet und folgende Log Files erhalten:
OTL LogFile: Code:
OTL logfile created on: 7/24/2012 11:56:12 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\pulsfort.MUNICH0\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 81.83% Memory free
7.73 Gb Paging File | 7.07 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.40 Gb Total Space | 128.55 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.90 Gb Free Space | 95.50% Space Free | Partition Type: FAT32
Drive F: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive K: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Computer Name: W7-PULSFORT-NB | User Name: pulsfort | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (SaperaCameraLinkServer) -- C:\Program Files\Teledyne DALSA\Sapera\CamExpert\CameraLinkServer.exe ()
SRV:64bit: - (CorLogServer) -- C:\Program Files\Teledyne DALSA\Sapera\Bin\CorLogServer.exe (Teledyne DALSA)
SRV:64bit: - (CorAppLauncher) -- C:\Program Files\Teledyne DALSA\Sapera\Bin\CorAppLauncher.exe (Teledyne DALSA)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (CrypKey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV:64bit: - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV:64bit: - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (buttonsvc64) -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
SRV - (SONICWALL_NetExtender) -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe (SonicWALL Inc.)
SRV - (DvmMDES) -- D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SFUpdater) -- C:\Program Files (x86)\ShareFile\Updater\UpdateService.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (CorSerial) -- C:\Windows\SysNative\drivers\corserial.sys (Teledyne DALSA)
DRV:64bit: - (CorPci) -- C:\Windows\SysNative\drivers\CorPci.sys (Teledyne DALSA)
DRV:64bit: - (CorMem) -- C:\Windows\SysNative\drivers\cormem.sys (Teledyne DALSA)
DRV:64bit: - (CorLog) -- C:\Windows\SysNative\drivers\CorLog.sys (Teledyne DALSA)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdfltn.sys (ST Microelectronics)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSLDrv) -- C:\Windows\SysNative\drivers\SSLDrv.sys (SonicWALL Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV - (DVMIO) -- D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys (DeviceVM, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{5425E8FF-6913-4D98-9B56-780BAA2DD69F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{FB97826F-D406-4CD5-B019-B38CE0266C54}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enDE466
IE - HKCU\..\SearchScopes\{CEC6A7FF-9086-4382-8DBA-46926F1B24F9}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&cof=&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/03 12:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 08:51:08 | 000,000,000 | ---D | M]
[2012/01/13 15:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\mozilla\Extensions
[2012/07/03 13:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\mozilla\Firefox\Profiles\utyu5uan.default\extensions
[2012/07/03 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 09:58:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/03 12:55:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/04/10 10:17:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/07/03 12:55:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/03 12:55:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/03 12:55:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/03 12:55:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/03 12:55:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/03 12:55:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Google Mail = C:\Users\pulsfort.MUNICH0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120210122206.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120210122207.dll (McAfee, Inc.)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CorGigeStatus] "C:\DALSA\Network Interface\Bin\CorGigeStatus.exe" /s File not found
O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Teledyne DALSA X64 Xcelera-CL+ PX8 Device Manager] C:\Program Files\Teledyne DALSA\X64 Xcelera-CL+ PX8\Bin\CorAppLauncher.exe (Teledyne DALSA)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4:64bit: - HKLM..\RunOnce: [Teledyne DALSA Device Manager - CorX64XceleraCL+PX8x] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: dalsa.org ([ein-cas-01.netherlands] https in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([iron.waterloo] http in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([peach.waterloo] http in Trusted sites)
O15:64bit: - ..Trusted Domains: dalsa.org ([wat-cas-01.waterloo] https in Trusted sites)
O15:64bit: - ..Trusted Domains: ein-cas-01 ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: iron ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: peach ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: wat-cas-01 ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: waterloomail ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([sra] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([sre] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.com ([srp] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([ein-cas-01.netherlands] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([iron.waterloo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([peach.waterloo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dalsa.org ([wat-cas-01.waterloo] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ein-cas-01 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: iron ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: peach ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: wat-cas-01 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: waterloomail ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sre.dalsa.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://sre.dalsa.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A2CBD67A-F77D-45DF-9621-5F563DAE18FF} hxxp://lead:3333/SlxClient/SLXActiveMail.cab (SlxEmailNotifier Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MUNICH.DALSA.ORG
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CE8FE8-0767-47B9-A15E-34791A8EA847}: Domain = Waterloo.dalsa.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CE8FE8-0767-47B9-A15E-34791A8EA847}: NameServer = 10.1.0.11 10.1.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15330F3D-4683-41EA-BD89-4E5026833444}: DhcpNameServer = 192.168.99.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626BC815-DA33-4DA9-A2DB-55D42EDFC446}: DhcpNameServer = 10.2.0.2 10.2.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7995E750-0381-49C9-9C16-DBCAD610BB84}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCF70D92-45E8-4CB8-A9C6-3539767E491D}: DhcpNameServer = 192.168.99.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qvp - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\Qvp.dll (QlikTech AB)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/24 11:53:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe
[2012/07/24 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\Malwarebytes
[2012/07/24 10:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/24 10:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/24 10:32:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/24 10:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/24 08:53:55 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Roaming\hellomoto
[2012/07/13 15:50:03 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\Desktop\Solystic
[2012/07/11 11:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 11:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 11:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 11:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 11:01:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 11:01:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 11:01:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 11:01:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 11:01:36 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 11:01:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 11:01:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 11:01:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 11:01:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 09:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 09:29:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 09:29:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 09:29:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 09:29:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 09:28:56 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 09:28:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 10:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2012/07/10 10:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2012/07/10 10:08:26 | 000,014,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2012/07/10 10:07:56 | 001,293,824 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusb4.sys
[2012/07/10 10:07:56 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwlan4ci.dll
[2012/07/06 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\Desktop\ImageS China Issue
[2012/07/03 12:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/03 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\pulsfort.MUNICH0\AppData\Local\Macromedia
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/24 11:54:30 | 000,907,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 11:54:30 | 000,745,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 11:54:30 | 000,154,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 11:53:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pulsfort.MUNICH0\Desktop\OTL.exe
[2012/07/24 11:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 11:50:02 | 3112,566,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 11:49:11 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:49:11 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:44:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 10:32:59 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 16:33:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/23 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 14:52:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job
[2012/07/14 09:59:08 | 000,113,245 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\www.munich-airport.de.pdf
[2012/07/12 13:21:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 13:21:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 20:06:31 | 000,002,416 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\Google Chrome.lnk
[2012/07/11 13:12:21 | 000,046,250 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\0910_Gomastit_2040_TDS.pdf
[2012/07/11 11:33:41 | 000,001,135 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/11 11:15:07 | 000,312,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 11:48:42 | 013,503,507 | ---- | M] () -- C:\Users\pulsfort.MUNICH0\Desktop\TD uncooled IR - AVT Meeting June 2012.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 08:58:23 | 000,000,488 | RHS- | M] () -- C:\Users\pulsfort.MUNICH0\ntuser.pol
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/24 10:32:59 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 14:52:24 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3480706288-3022467568-712898994-1113Core1cd61bf840a8c1b.job
[2012/07/14 09:59:07 | 000,113,245 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\www.munich-airport.de.pdf
[2012/07/11 13:12:21 | 000,046,250 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\0910_Gomastit_2040_TDS.pdf
[2012/07/10 10:08:35 | 000,013,189 | R--- | C] () -- C:\Windows\instwcli.inf
[2012/07/10 10:07:56 | 000,049,792 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusb4.bin
[2012/07/09 12:24:27 | 013,503,507 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\TD uncooled IR - AVT Meeting June 2012.pdf
[2012/06/28 15:21:18 | 001,481,186 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\Desktop\SaperaCameraSDK.pdf
[2012/05/22 10:06:11 | 000,001,552 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\.recently-used.xbel
[2012/01/18 18:03:47 | 000,004,063 | ---- | C] () -- C:\Windows\scad3.INI
[2012/01/10 15:49:43 | 000,007,600 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\AppData\Local\Resmon.ResmonCfg
[2011/04/13 09:36:25 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/04/13 09:36:25 | 000,000,219 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/03/01 12:24:37 | 000,072,080 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\g2mdlhlpx.exe
[2010/12/06 12:22:59 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
[2010/10/11 11:10:31 | 000,003,584 | ---- | C] () -- C:\Users\pulsfort.MUNICH0\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 15:55:25 | 000,000,488 | RHS- | C] () -- C:\Users\pulsfort.MUNICH0\ntuser.pol
[2010/06/18 15:55:00 | 000,005,268 | RHS- | C] () -- C:\ProgramData\ntuser.pol
< End of report >
Extras Log: Code:
OTL Extras logfile created on: 7/24/2012 11:56:12 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\pulsfort.MUNICH0\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 81.83% Memory free
7.73 Gb Paging File | 7.07 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.40 Gb Total Space | 128.55 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
Drive D: | 1.99 Gb Total Space | 1.90 Gb Free Space | 95.50% Space Free | Partition Type: FAT32
Drive F: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive K: | 124.44 Gb Total Space | 20.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Computer Name: W7-PULSFORT-NB | User Name: pulsfort | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C42DB4B-1D35-426B-94A1-48D691CE5B77}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0CAB6A3E-0111-4228-BF5D-358EA7EC3B1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0DDEE67B-10EE-4A78-B7FA-EF3DCDE48CB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0EBE907A-E6CD-4A60-B762-2165AA1B675F}" = lport=138 | protocol=17 | dir=in | app=system |
"{10FB510C-1C84-46F3-9112-928AC5515003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22A996AD-0BEA-4374-A5C8-7B5DD44EE2ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{2B501E0D-2904-4C49-A775-F03CB3E74B49}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F8D085C-3FA0-4A44-93CB-CF0191C8862F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5C928DB0-D523-441B-BBE0-F99C24AFC0C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{6AC45DD9-F70B-49A2-A81E-7E536208830E}" = rport=137 | protocol=17 | dir=out | app=system |
"{72CBDE1C-9DF9-4B5B-AEE6-5C2B1CFD6F31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BE9F56C-846A-42F9-9747-808071C22A04}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FEE05F3-FEDC-4410-A57C-7377B3165541}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A17C5371-DB6C-4B66-8CB0-AFA9FC5D5A4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A63BE148-7EF5-487E-BE19-CD37F68B757A}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC570A95-74B7-4684-86E8-44192C1D8B83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6D9762D-B0C7-4F86-857E-F2884D167AA2}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16225C20-A393-436B-A3BE-BDE4E72BC8FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1BC47899-29DA-47DA-8D04-88B846A3807D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1E557213-2693-4F08-B718-D41E089D94FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{1F519A71-F208-424B-9614-815732716B26}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{2A70A2D6-3BA5-46D0-8B59-0435A68CA153}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BF980D8-C2EC-4144-B186-8CDF41ADC13E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5018C3AD-2612-4B1D-B65F-7EF74CC56264}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{65CDFAB3-39F3-41AB-8D1F-E5DFD12B5F29}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{680A34E3-62CA-4040-A006-7245249D5B28}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{7511F001-FB51-4DCB-8C7E-E7C76D0C9119}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7A408F6D-6385-4CB4-ABB9-D4C17E96186D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{7B47DBB0-5E46-430F-BA7C-E429E442CB21}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{8022FC96-9A4A-4D39-8DE8-045F974C074F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{859099CB-9B5C-47E4-AED5-1CB0FD18C18E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9070B90C-D7C6-47A2-99AC-741DB8B70DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90D9BB57-DED3-4A49-9B39-7949F3EDDA71}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A242F5DA-8892-4544-B461-91523E33AF62}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A34AF56A-82EE-4425-A92F-F67CD7484F59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B1FF2B42-5B38-4BFD-B634-3F316320EEDA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{C23CDB6C-578D-4595-9B1D-99041FC7C67A}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{C261493C-3D57-4181-B720-EC74CC0D1D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C47E0A8C-FC83-4642-A3F6-5CAC5EA7423A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E50F18ED-3A8A-4450-8CB4-5BEC26AB1F50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E74182CF-FA68-482E-8568-DF17B643FE5C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F9481239-BE50-48A5-A58E-1A4B87E249FC}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{0592AC66-BE45-4EC3-8A45-DDE0E7CE1873}" = Microsoft Visual Studio 2005 64bit Prerequisites (x64) - DEU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0D86482F-24B7-4DFA-A993-ACC2C9AD0031}" = Dell Control Point 64
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{258C1129-0FD3-4513-8F49-469524FF8B1A}" = Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{38C75838-BEBC-41BB-9306-2BA3D4DC4E94}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87EBE6AA-E4AA-4F3B-975C-72575C660BE7}" = Dell ControlPoint System Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{A6DDE7CF-70DF-41BF-A648-A7160DD52215}" = SO64MMWrapper
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
"{DB13A32E-D83A-491F-9529-224AA7A2BD38}" = Dell ControlVault Host Components Installer 64Bit
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EF7F706C-50C4-41D8-8600-4AF6B21F2D96}" = DCP64MMWrapper
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU" = Microsoft Visual Studio 2005 Remote Debugger (x64) - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 14.8.43.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03A1E44A-4B8B-4FEC-8368-B30F8FFDA0B6}" = Teledyne DALSA Sapera LT SDK 7.20.01.1115
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DA750F9-797D-469C-A45C-215E656D7307}" = MSDN Library for Visual Studio 2005 - German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29A608AC-5AC2-4E83-AD98-AB1D7C712550}" = Teledyne DALSA X64 Xcelera-CL+ PX8 Device Driver 1.10.01.0202
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{429DDF39-8056-4266-B8AC-F725E696AFFB}" = eBUS Driver Suite 1.1.1.921
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix Online Plug-in (USB)
"{5775936C-ABB9-4F49-B7BC-37A6DB001EFD}" = QlikView Plugin
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix Online Plug-in (PNA)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D3BEF52-F71E-4CFD-B5D9-DE72F2CF54DC}" = Kubotek Spectrum 6.3
"{7E7A2DE4-BB59-478F-800B-86CD89325286}" = DALSA Sapera Processing 7.20.1.512
"{81ABC4A0-DE63-11DE-8A39-0800200C9A66}" = FreeCAD 0.10
"{844EFBA7-1C24-93B2-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86_x64) WinSXS MSM
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{88C10FAC-D997-4804-B1F1-B4BF493A61B6}" = eBUS Driver Suite 1.1.1.921
"{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}" = Sentinel Protection Installer 7.6.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix Online Plug-in (Web)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix Online Plug-in (SSON)
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C291C2D5-8A9C-46BE-8A96-6A60DB4AC482}" = Reader 2.0
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix Online Plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix Online Plug-in (DV)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F7E2D757-1116-42CC-A6CA-04788EED5FED}" = WebEx Productivity Tools
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"Dell Webcam Central" = Dell Webcam Central
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.5.3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library für Visual Studio 2005 - Deutsch" = MSDN Library für Visual Studio 2005 - Deutsch
"RarZilla Free Unrar" = RarZilla Free Unrar
"Reader2.0" = Reader 2.0
"SFOLP" = ShareFile Outlook 2007 Plug-in
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 7" = TeamViewer 7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.7.0.595
"IDA-STEP" = IDA-STEP
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/24/2012 4:10:39 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = SFUpdater | ID = 0
Description =
Error - 7/24/2012 4:10:39 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = SFUpdater | ID = 0
Description = * Unhandled error in worker thread System.NullReferenceException: Object
reference not set to an instance of an object. at ShareFile.UpdateServiceCore.MainService.BackgroundTask()
at ShareFile.UpdateService.ServiceMain.BackgroundTask() at ShareFile.ServiceBase.ServiceBaseClass.RunBackgroundTask()
Error - 7/24/2012 5:07:45 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 7/24/2012 5:07:45 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 7/24/2012 5:07:49 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 7/24/2012 5:07:49 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 7/24/2012 5:18:59 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 7/24/2012 5:18:59 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 7/24/2012 5:19:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 7/24/2012 5:19:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
[ Media Center Events ]
Error - 3/11/2011 7:53:27 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 12:53:27 - Error connecting to the internet. 12:53:27 - Unable
to contact server..
Error - 5/5/2011 1:17:24 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 07:17:24 - Error connecting to the internet. 07:17:24 - Unable
to contact server..
Error - 5/5/2011 1:17:38 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 07:17:29 - Error connecting to the internet. 07:17:29 - Unable
to contact server..
Error - 5/20/2011 2:23:09 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 20:22:47 - Error connecting to the internet. 20:22:47 - Unable
to contact server..
Error - 5/20/2011 3:23:16 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 21:23:13 - Error connecting to the internet. 21:23:13 - Unable
to contact server..
Error - 5/20/2011 4:23:25 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 22:23:21 - Error connecting to the internet. 22:23:21 - Unable
to contact server..
Error - 5/20/2011 5:23:33 PM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = MCUpdate | ID = 0
Description = 23:23:30 - Error connecting to the internet. 23:23:30 - Unable
to contact server..
[ OSession Events ]
Error - 6/30/2010 6:46:04 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2983
seconds with 780 seconds of active time. This session ended with a crash.
Error - 6/30/2010 7:07:53 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 183
seconds with 60 seconds of active time. This session ended with a crash.
Error - 12/9/2010 3:41:12 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/24/2011 8:09:46 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1067 seconds with 1020 seconds of active time. This session ended with a
crash.
Error - 6/20/2011 7:24:05 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/20/2011 7:24:30 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/12/2011 3:49:40 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 227
seconds with 180 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/24/2012 5:50:32 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/24/2012 5:50:33 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/24/2012 5:50:33 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 7/24/2012 5:50:34 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll
Error
Code: 21
Error - 7/24/2012 5:51:02 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description =
Error - 7/24/2012 5:51:07 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description =
Error - 7/24/2012 5:51:08 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description =
Error - 7/24/2012 5:51:09 AM | Computer Name = W7-PULSFORT-NB.MUNICH.DALSA.ORG | Source = DCOM | ID = 10005
Description =
< End of report >
Nach einem Neustart im Standard-Modus wird die Trojanermeldung nun nicht mehr angezeigt. Welche weiteren Schritte sollte ich noch unternehmen um das System vollständig sauber zu bekommen?
Vielen Dank im Voraus für eure Hilfe!
Gruß....Uwe |
